Malicious PDF — malware analysis report

Static analysis result for SHA-256 07bdaba0798c0dc2…

MALICIOUS

PDF

161.2 KB
MD5: 2703eafa1fcd7440d42e6e8931163bfe SHA-1: a5f84d408e6afea71e375da1fd891ade19ccbc78 SHA-256: 07bdaba0798c0dc2e195d3cc0b5db5cb64a29f2088352e10efee304e5306d382
62 Risk Score

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The primary heuristic indicates an advance-fee scam, suggesting the document's content is designed to trick the recipient into paying money for a non-existent prize or service. The presence of a callback lure heuristic further supports a phishing or scam attempt, likely aiming to solicit personal information or payment over the phone. No scripts were extracted, and the document body was unreadable, limiting further analysis.

Machine Learning

  • Nyx PDF Classifier clean score 0.0001

Heuristics 3

  • Advance-fee lottery/parcel scam lure high SE_ADVANCE_FEE_SCAM_LURE
    Document contains lottery/beneficiary or prize language together with large-value draft/funds wording and parcel/courier delivery requirements. This is a classic advance-fee fraud document shape.
  • Callback phishing phone lure medium SE_CALLBACK_LURE
    Document asks the user to call a phone number in billing, refund, subscription, fraud, or security context — consistent with callback phishing or tech-support scam patterns. Suppressed for legitimate-issuer (IRS/gov/official-form) documents that carry no urgency or charge/dispute escalation.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/
    • http://ns.adobe.com/pdf/1.3/
    • http://ns.adobe.com/xap/1.0/mm/

Extracted artifacts 3

Files carved from inside the sample during analysis.

FilenameKindSourceSize
font_00_cff_off00021586.bin
71cc5bfe890aeb1891f4b144f05291869928d21a2a6ffc2baffa6ea51eb0f1eb		 pdf-font-stream PDF embedded font (cff) at offset 0x21586 7759 bytes
font_01_cff_off0002301d.bin
83bfeb19b0c4845db32df4914d0b83fe1d3d21784ac5d9c0c916787b851525a4		 pdf-font-stream PDF embedded font (cff) at offset 0x2301D 329 bytes
font_02_cff_off00023191.bin
4495bfa4f490288f2356311821ee1c82e56512a1e4d591d552a43adcc6ba93a3		 pdf-font-stream PDF embedded font (cff) at offset 0x23191 2062 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.