Malicious PDF — malware analysis report

Static analysis result for SHA-256 fedd2e8f54714b86…

MALICIOUS

PDF

47.8 KB Created: 2021-08-09 21:16:29 +03:00 Authoring application: wkhtmltopdf 0.12.5 (via Qt 5.11.3) First seen: 2021-10-05
MD5: 2d5fcaf0e6bffe29deede019c38fadda SHA-1: 78645d9e1722ae30e239dd1df4cabcaadb6c7980 SHA-256: fedd2e8f54714b864c82556ed3b7f9cc71f7cf4047d151512d57e907213c6deb
64 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The file was identified as malicious by ClamAV with a specific signature indicating it is a phishing trojan. It contains an embedded URI that points to a URL, likely intended to lure the user into clicking it. Although no scripts were explicitly extracted, the PDF structure and the presence of an external URI suggest an attempt to redirect the user to a malicious site, potentially for credential harvesting or further malware delivery.

Machine Learning

  • Nyx PDF Classifier suspicious score 0.4199

Heuristics 3

  • ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://feedproxy.google.com/~r/skout/mBVl/~3/S30rS-6n6vg/uplcv?utm_term=important+days+2021 PDF link annotation