arrow_back
search
close

PDF_PHISH.AUSEHY

November 16, 2017
 Analysis by: Nikko Tamana
 ALIASES:

PDF/Phish.GDZ (FProtect), Trojan.PDF.Phish (Ikarus), Trojan.PDF.Phish.ph (Kaspersky) Troj/PDFUri-DHE (Sophos)

 PLATFORM:

Windows

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:

  • Threat Type: Trojan

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes

  OVERVIEW


This Trojan arrives as an attachment to email messages spammed by other malware/grayware or malicious users.

However, as of this writing, the said sites are inaccessible.

  TECHNICAL DETAILS

File Size:

237478 bytes

File Type:

PDF

Initial Samples Received Date:

08 Nov 2017

Arrival Details

This Trojan arrives as an attachment to email messages spammed by other malware/grayware or malicious users.

Other Details

This Trojan connects to the following possibly malicious URL:

  • http://hyp{BLOCKED}rl.co/60wacr
  • http://supe{BLOCKED}ma.com/dbcrypts/dbcrypts/dbdrives/index.htm

However, as of this writing, the said sites are inaccessible.

NOTES:
This is the Trend Micro detection for PDF files which shows fake messages when opened. It requires user to click the image in the PDF file. Once clicked, it will access the said URLs.