PDF malware analysis — malicious · fc0d8fbdd91bad9b

MALICIOUS

PDF

47.8 KB Created: 2021-07-23 20:52:39 +03:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 5.11.3) First seen: 2021-09-18

MD5: d99cbdfac51169a6a4bf3593ac658da6 SHA-1: 866e053d506fd5a57fce7e9a0096aa2766628a79 SHA-256: fc0d8fbdd91bad9b61960d90549bb1238a8665f1adb59f5bd9be6a6c3e701a72

64 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment

The file is identified as malicious by ClamAV with a specific signature indicating it is a phishing trojan. A PDF URI heuristic also extracted an external URL, which is likely part of the phishing lure. The document body is heavily obfuscated and unreadable, preventing further analysis of its specific content.

Machine Learning

Nyx PDF Classifier suspicious score 0.3960

Heuristics 3

ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
External URI info PDF_URI

PDF contains an external URL action
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL https://feedproxy.google.com/~r/skout/mBVl/~3/FevRqgeaUVY/uplcv?utm_term=kur%27an%27%C4%B1+kerim+t%C3%BCrk%C3%A7e+okunu%C5%9Fu+ve+anlam%C4%B1+pdf PDF link annotation

Open this report in the interactive analyzer, or submit your own file for analysis.