Malicious PDF — malware analysis report

Static analysis result for SHA-256 fd5d821b9a2e74a7…

Verdict: MALICIOUS

File type: PDF

Size: 73.6 KB
Created: 2021-04-01 17:40:09 +03:00
Authoring application: wkhtmltopdf 0.12.5 (via Qt 4.8.7)

MD5: 3cefd15c5fdc4e8ea31ef7b7bddf2d87
SHA-1: 801400ae4e7b8de1ead324edba457d6b853d01ec
SHA-256: fd5d821b9a2e74a7a2fa2cd74be72375624a55f753b520b846026c93707d022e

Risk score: 94

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF file contains an embedded URI that directs the user to a suspicious domain, likely for phishing or malware distribution. The ClamAV detection and ML classifier further indicate malicious intent. Although no scripts were extracted, the presence of a malicious URL strongly suggests an attempt to redirect the user to a harmful site, likely as part of a phishing campaign.

Machine Learning

  • Nyx PDF Classifier malicious score 0.7867

Heuristics (3)

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • https://midufefew.ru/award?keyword=athlean+x+inferno+max+size+pdf
    • http://skidki-day.shop/how_to_wind_up_a_howard_miller_clockkira4.pdf
    • http://bratskpravojur.ru/you_will_get_well_soon_meaning_in_hindie7b32.pdf
    • http://italia-doc.fun/why_is_algernon_important_to_charliedv5pa.pdf
    • http://bimupodum.iblogger.org/do_air_filters_filter_smoke.pdf
    • http://kuvekuzokagow.iblogger.org/cateterismo_limpio_intermitente.pdf
    • http://rabota-plus.club/how_much_does_medical_laboratory_technician_makefv3y8.pdf
    • http://tofugezupeb.mygamesonline.org/life_and_death_stephenie_meyer_download.pdf
    • http://copyrightsafetyhelps.com/sister_outsider_poetry_is_not_a_luxury1mi4d.pdf
    • http://vk-settings-change.online/1704395277085zrz.pdf
    • http://cashthe.ru/xugasokibibekofudadonijasp91o9.pdf
    • http://pitushok.fun/how_to_reset_honeywell_4000_thermostatn1pwq.pdf
    • https://uploads.strikinglycdn.com/files/38d0ec40-0269-481b-a3a6-d233c7129f4a/jawaxulorefi.pdf
    • https://uploads.strikinglycdn.com/files/63ff8e58-50fa-4a80-b449-3477a5cd24e9/motorola_sb6120_specs.pdf
    • https://uploads.strikinglycdn.com/files/9c34c00e-74bd-4c6d-9afa-dd6880ddef7e/pathfinder_kingmaker_companion_tank_builds.pdf
    • https://uploads.strikinglycdn.com/files/ce5426cb-15fa-4d3a-a774-8876a8555d9d/what_is_philippine_constitution_summary.pdf
    • https://uploads.strikinglycdn.com/files/89d43e9a-3ad9-42ff-818c-08486228f703/xaseluxafadegisadusit.pdf
    • https://uploads.strikinglycdn.com/files/784c250e-6c1e-43c0-809b-41c8aa496034/41650060123.pdf
    • http://moxosutemow.onlinewebshop.net/52589165254.pdf
    • https://uploads.strikinglycdn.com/files/8ad040fc-4c3f-472c-95cf-9bc7b5fb1be7/how_to_uninstall_nvidia_audio_drivers.pdf