Malicious PDF — malware analysis report

Static analysis result for SHA-256 f9702f05c394e13a…

MALICIOUS

PDF

Size: 58.2 KB
Created: 2021-08-14 18:54:14 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 5.11.3)
First seen: 2021-10-05
MD5: 45d1f7b45042681e333df10ddb60f78e
SHA-1: 3b561e2d962d29dd6b17ce60690bb79e22af2fd3
SHA-256: f9702f05c394e13acfed52bbf85cabefeb5f29892a9219b2b79b72c3e22bf099
Risk Score: 94

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file is a PDF document flagged by ClamAV as a phishing trojan. It contains an embedded URI pointing to a URL which, despite its benign reputation, is associated with malicious activity. The PDF structure and heuristics suggest an attempt to trick the user into visiting this external resource, most likely for credential harvesting or further malware delivery.

Machine Learning

  • Nyx PDF Classifier malicious score 0.5047

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI (info, PDF_URI)
    PDF contains an external URL action.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: https://feedproxy.google.com/~r/skout/mBVl/~3/3CAf4wW3hvY/uplcv?utm_term=list+of+important+days+with+themes+2020+pdf+gradeup (PDF link annotation)