Home / malwarePDF  

Trojan:PDF/Phish


First posted on 23 March 2017.
Source: Microsoft

Aliases :

There are no other names known for Trojan:PDF/Phish.

Explanation :

Installation

This threat is a .pdf file with a malformed hyperlink to phishing sites. It usually arrives as an attachment to spammed email messages.

When the link inside the infected .pdf file is clicked, it will connect to the following links:

  • hxxps://adbirdmedia.com/msb/home/index.php
  • hxxp://bit.ly/2lRkbzk
  • hxxp://bit.ly/2na7LqP
  • hxxp://bit.ly/Puking1
  • hxxps://gobeintl-pdhits.c9users.io/AUTH/365.HTML
  • hxxp://gt47jen.pw/rit.edu/docx/index.php
  • hxxp://u.to/vYjNDw
  • hxxp://ow.ly/vK85308Pe9W
  • hxxp://princeobinna.com/voice/voicemail.html
  • hxxp://redirect.hugebroly.com/
  • hxxp://tinyurl.com/hum98hg
  • hxxps://to.ly/17Pps
  • hxxp://www.office365upd.info/


Payload

Downloads malware onto your PC

This threat can download other malware software onto your PC, such as or similar to:
  • Ransomware (Cerber, Locky, and Milicry)
  • Infostealer (Ursnif and Fareit)






Analysis by Ferdinand Plazo

Last update 23 March 2017

 

TOP