Malicious PDF — malware analysis report

Static analysis result for SHA-256 fbb5517a363c13d9…

MALICIOUS

PDF

48.9 KB Created: 2021-09-22 12:00:22 +03:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 5.11.3) First seen: 2021-11-02
MD5: 8a9b5aa35d671ffe326c05fc9e0d7072 SHA-1: cfec5a8aed651718f1e5ecd2ce3aecd107b8c7e5 SHA-256: fbb5517a363c13d924884a81390f4c4d78286eebabd3a8dcf22ec35ed8a8a6e5
94 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF file was detected as malicious by ML classifiers and ClamAV, indicating a phishing or trojan payload. It contains an embedded URI pointing to a suspicious domain, likely intended to deliver a secondary malicious payload or redirect the user to a phishing site. The document body, though truncated, suggests a lure related to gaming, which is a common tactic for social engineering.

Machine Learning

  • Nyx PDF Classifier malicious score 0.5042

Heuristics 3

  • ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://catamma.ru/uplcv?utm_term=unlimited+money+gta+5+online PDF link annotation
    • http://malifer.hu/upload/file/nopaxaweli.pdfIn PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.