Malicious PDF — malware analysis report

Static analysis result for SHA-256 0bfb4ef49e8043ea…

Verdict: MALICIOUS
File type: PDF
Size: 51.1 KB
MD5: 9a211d74457aa871e953b1f3e9747488
SHA-1: 356ba1d838e6788c9f9fea4efa47b1678b32524e
SHA-256: 0bfb4ef49e8043ea7575aa5a96eba440abaee2316b7120c340ff7236765f4af9
Risk score: 82

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF document is identified as a lure: it contains a screenshot image and invisible link annotations designed to trick the user into clicking. The primary heuristic fires on repeated, invisible link annotations that all point to 'https://livespoints.com/sso.dsv.com', a URL whose path is shaped like a hostname (sso.dsv.com) on an unrelated domain, which strongly suggests a credential-phishing or malware-distribution attempt. No scripts were extracted; the document's structure alone, not active content, is what points to a classic phishing lure.

Machine Learning

  • Nyx PDF Classifier: clean score 0.0010 (the model assigns almost no probability to the file being benign)

Heuristics (3)

  • [critical] PDF_REPEATED_PAYLOAD_LINK_LURE: Invisible/repeated PDF links deliver payload file
    The PDF uses invisible link annotations that point outward to a download. Repeated invisible links, or lure-like payload names such as document/unlock/verify archives, match malware-delivery PDF carriers where the page is only a prompt and the real payload is fetched from the linked URL. In this sample the linked URL carries no such archive name, so the repeated invisible annotations are what matched.
  • [medium] PDF_IMAGE_LURE: Image-only document with action trigger (screenshot lure)
    The PDF has 2 image(s) and only 1 text block(s), carries a click-outward action, and is only 51 KB: the typical shape of a phishing lure in which a full-page screenshot hides a clickable button that launches or submits to an attacker URL.
  • [info] EMBEDDED_URL: Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: https://livespoints.com/sso.dsv.com
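The three heuristics above describe structural checks that need no script extraction: enumerate /Link annotations, decide whether each is invisible (zero-width border or Hidden/NoView annotation flags), count how often the same URI repeats, and compare the number of image XObjects against the number of text blocks. The following script is an added example written for this page, not the analysis engine's own code. It scans raw, uncompressed PDF objects with regular expressions (inflating FlateDecode streams where it can), so it handles the simple object layout shown here rather than every PDF encoding. The SAMPLE_PDF bytes are constructed by hand to mimic the reported lure shape (one full-page image, two invisible links to the same URL); they are not carved from the sample, and the rule names and thresholds are this example's assumptions, not the vendor's logic.

```python
import json
import re
import zlib
from collections import Counter

# Constructed sample: a minimal uncompressed PDF shaped like the lure in the
# report (one image drawn full-page, no text, two zero-border link annotations
# to the same external URL). Hand-written for this example, not the real sample.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792]
   /Contents 4 0 R /Resources << /XObject << /Im0 5 0 R >> >>
   /Annots [6 0 R 7 0 R] >> endobj
4 0 obj << /Length 30 >>
stream
q 612 0 0 792 0 0 cm /Im0 Do Q
endstream
endobj
5 0 obj << /Type /XObject /Subtype /Image /Width 1 /Height 1
   /ColorSpace /DeviceRGB /BitsPerComponent 8 /Length 3 >>
stream
\xff\xff\xff
endstream
endobj
6 0 obj << /Type /Annot /Subtype /Link /Rect [100 500 500 560] /Border [0 0 0]
   /A << /S /URI /URI (https://livespoints.com/sso.dsv.com) >> >> endobj
7 0 obj << /Type /Annot /Subtype /Link /Rect [100 300 500 360] /Border [0 0 0]
   /A << /S /URI /URI (https://livespoints.com/sso.dsv.com) >> >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# Annotation flag bits from the PDF spec: Hidden = bit 2 (value 2), NoView = bit 6 (value 32).
ANNOT_HIDDEN, ANNOT_NOVIEW = 2, 32


def iter_objects(data: bytes):
    """Yield (object number, raw body) for each 'N G obj ... endobj' in the file."""
    for m in re.finditer(rb"(\d+)\s+(\d+)\s+obj\b(.*?)endobj", data, re.S):
        yield int(m.group(1)), m.group(3)


def stream_body(obj: bytes) -> bytes:
    """Return the stream payload of an object, inflating FlateDecode streams; b'' if none."""
    m = re.search(rb"stream\r?\n(.*?)\r?\nendstream", obj, re.S)
    if not m:
        return b""
    body = m.group(1)
    if re.search(rb"/Filter\s*/FlateDecode", obj):
        try:
            body = zlib.decompress(body)
        except zlib.error:
            return b""  # corrupt or wrongly declared stream; skip rather than guess
    return body


def analyze_pdf(data: bytes) -> dict:
    """Apply the three structural lure heuristics (assumed thresholds) to raw PDF bytes."""
    links, images, text_blocks = [], 0, 0
    for num, obj in iter_objects(data):
        if re.search(rb"/Subtype\s*/Image\b", obj):
            images += 1
        if re.search(rb"/Subtype\s*/Link\b", obj):
            uri = re.search(rb"/URI\s*\(([^)]*)\)", obj)
            border = re.search(rb"/Border\s*\[\s*[\d.]+\s+[\d.]+\s+([\d.]+)", obj)
            flags = re.search(rb"/F\s+(\d+)", obj)
            # Absent /Border defaults to a visible 1pt border, so only an explicit 0 counts.
            zero_border = bool(border) and float(border.group(1)) == 0.0
            hidden_flag = bool(flags) and int(flags.group(1)) & (ANNOT_HIDDEN | ANNOT_NOVIEW) != 0
            links.append({
                "obj": num,
                "uri": uri.group(1).decode("latin-1") if uri else None,
                "invisible": zero_border or hidden_flag,
            })
        # Coarse text-block count: each BT ... ET pair in a content stream is one block.
        text_blocks += len(re.findall(rb"\bBT\b", stream_body(obj)))

    uri_counts = Counter(l["uri"] for l in links if l["uri"])
    repeated_invisible = [u for u, n in uri_counts.items()
                          if n >= 2 and all(l["invisible"] for l in links if l["uri"] == u)]
    findings = []
    if repeated_invisible:
        findings.append("PDF_REPEATED_PAYLOAD_LINK_LURE")
    if images >= 1 and text_blocks <= 1 and uri_counts:
        findings.append("PDF_IMAGE_LURE")
    if uri_counts:
        findings.append("EMBEDDED_URL")
    return {"images": images, "text_blocks": text_blocks, "links": links,
            "urls": sorted(uri_counts), "findings": findings}


if __name__ == "__main__":
    print(json.dumps(analyze_pdf(SAMPLE_PDF), indent=2))
```

Run against the constructed sample it reports one image, zero text blocks, two invisible links to a single URL, and all three rule names. On a real sample, also inflate object streams (/Type /ObjStm) before scanning, since modern PDFs frequently hide annotation dictionaries inside them, and treat the URI as an indicator to pivot on rather than as the detection itself.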

Extracted artifacts (3)

Files carved from inside the sample during analysis.

  • stream_009_off0000b296.bin
    SHA-256: f1d155ae14867a462110e725073817f23ab65d445f2890e5d4b7ddc31da5ccf8
    Kind: decompressed-pdf-stream
    Source: PDF FlateDecoded stream at offset 0xB296
    Size: 17932 bytes
  • icc_00_off0000a590.icc
    SHA-256: 4e361b7984c38b4574c1153fdc1b1df9f591b133fc156e1112f310213524e657
    Kind: pdf-icc-profile
    Source: PDF ICC profile at offset 0xA590
    Size: 3540 bytes
  • font_00_cff_off0000aed9.bin
    SHA-256: a775dfb479bd9b722f04543c50ce59ff5e9e940843bd9281c7d05702c1327462
    Kind: pdf-font-stream
    Source: PDF embedded font (CFF) at offset 0xAED9
    Size: 1115 bytes