Malicious PDF — malware analysis report

Static analysis result for SHA-256 f84a9a1791bb1e98…

MALICIOUS

PDF

Size: 54.6 KB
Created: 2021-08-16 16:22:40 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 5.11.3)
First seen: 2021-10-14
MD5: 59c4eb34088708429fc25a62ccf5bc30
SHA-1: c3b76857310d22baba69e4573a4731017ed3c308
SHA-256: f84a9a1791bb1e986d36be1bddc2f8f5655f8a2d9fe8e6150f7576e559c315de
Risk Score: 94

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF document contains multiple embedded URLs, with one specifically identified as an external URI. ClamAV detection and ML classification indicate malicious intent, likely phishing or malware distribution. The presence of these URLs suggests the document is designed to redirect users to potentially harmful sites.

Machine Learning

  • Nyx PDF Classifier malicious score 0.5744

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://philabc.ru/uplcv?utm_term=decode+and+conquer+pdf+github (PDF link annotation)
    • http://nomorecpapmachine.com/userfiles/files/wujatebubebotaw.pdf (in PDF document text)
    • https://mygoaltv.com/ipp/images/uploads/files/vofilezivuja.pdf (in PDF document text)
    • https://camping-du-lac-dijon.com/fichiers/35846126223.pdf (in PDF document text)