Malicious PDF — malware analysis report

Static analysis result for SHA-256 fc91abf10d5cd668…

MALICIOUS

PDF

47.6 KB Created: 2021-09-02 03:29:11 +03:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 5.11.3) First seen: 2021-10-05
MD5: e589fb2ef5efece89d9b8c1e4b2b703a SHA-1: 5153861b19fa2fa1fc983c9badd22439fd5ff42f SHA-256: fc91abf10d5cd6683829f634aa490e55f2e8353dedf9359e6502dfd29907e462
64 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The ClamAV heuristic identified this PDF as a phishing trojan. It contains an embedded URI pointing to a suspicious domain, which is likely used to deliver a malicious payload or phish for credentials. The PDF structure itself does not contain readable content, but the presence of the external URI and the ClamAV detection strongly suggest malicious intent.

Machine Learning

  • Nyx PDF Classifier suspicious score 0.3872

Heuristics 3

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://pistant.ru/uplcv?utm_term=stomach+pain+feel+like+throwing+up+and+pooping PDF link annotation

Open this report in the interactive analyzer, or submit your own file for analysis.