PDF malware analysis — malicious · f75caa90c2bb5a44

MALICIOUS

PDF

54.4 KB Created: 2021-08-18 23:16:52 +03:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 5.11.3) First seen: 2021-09-14

MD5: 48056dac0dae7677bd53d2d62ea1d9af SHA-1: 4c7ba3dacf11c587f2409acd560f3b20b6934a96 SHA-256: f75caa90c2bb5a4432f4724af37cb65beab5137f5bd591a69eea280b48190b8f

64 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment

The file was detected as a phishing trojan by ClamAV. It contains an embedded URI pointing to a URL that, while currently benign, is likely used to redirect users to a malicious site. The PDF structure and the presence of an external URI suggest an attempt to trick the user into visiting a compromised or malicious web page.

Machine Learning

Nyx PDF Classifier clean score 0.1212

Heuristics 3

ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
External URI info PDF_URI

PDF contains an external URL action
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL https://feedproxy.google.com/~r/1eyvgo/aqOO/~3/S30rS-6n6vg/uplcv?utm_term=a+history+of+american+higher+education+thelin+3rd+edition PDF link annotation

Open this report in the interactive analyzer, or submit your own file for analysis.