PDF malware analysis — malicious · f76b495d960c3536

MALICIOUS

PDF

81.8 KB Created: 2021-08-03 22:04:04 +03:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 5.11.3) First seen: 2021-10-05

MD5: be827c4a9249661b7615711e9779f3d3 SHA-1: a5f775345438bc2e516924da4df3f0f768d6309f SHA-256: f76b495d960c353699385b042a79e959855ddfdf2feb1dad5fee91ad8a173609

94 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment

The file is identified as malicious by ML classifiers and ClamAV, with a specific detection signature indicating it is a PDF phishing trojan. An external URI was extracted, pointing to a URL that, while currently classified as benign, is likely part of the attack chain. No scripts were extracted, limiting the analysis of the execution flow.

Machine Learning

Nyx PDF Classifier malicious score 0.6016

Heuristics 3

ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
External URI info PDF_URI

PDF contains an external URL action
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL https://feedproxy.google.com/~r/Uplcv/~3/1xuhb7AK25c/uplcv?utm_term=ejercicios+de+lenguaje+algebraico+en+la+vida+cotidiana PDF link annotation

Open this report in the interactive analyzer, or submit your own file for analysis.