PDF malware analysis — malicious · 11e5222e5fb0b712

MALICIOUS

PDF

153.9 KB Authoring application: pstoedit

MD5: 16f4d7d3b4116fdd582276d132b6469c SHA-1: 763e4c15fdfd9ac87edd9b078597cc717070e65b SHA-256: 11e5222e5fb0b7124519e15786828c4ce5b7841d6fe39fe4cca8366594d71bf5

94 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment

The file is identified as malicious by multiple heuristics, including a ClamAV detection for 'Pdf.Phishing.TtraffRobotInstall-7605656-0'. It contains an embedded URL pointing to a PDF file, suggesting a phishing or malware distribution attempt. The ML classifier also strongly indicates maliciousness.

Machine Learning

Nyx PDF Classifier malicious score 0.9975

Heuristics 3

ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
External URI info PDF_URI

PDF contains an external URL action
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL http://djmichaelsimon.com/uploads/1/3/0/2/130289375/253da6cfe.pdf
- http://redbarhalifax.com/uploads/1/3/0/2/130291769/zuvulobolarivaxad.pdf
- http://www.thebiocompatibledentist.com/uploads/1/3/0/8/130815192/dewawelilir.pdf
- http://danielstorage.com/uploads/1/3/0/6/130640182/mizakejosej_resalezotofe_wakupo_tuzowoju.pdf
- http://mkemotorsports.net/uploads/1/3/0/6/130639781/013f63.pdf
- http://stop-n-smelltheflowers.com/uploads/1/3/0/2/130270931/mezefezojijave-mepijulijar-jataxit.pdf
- http://mta-sts.mail.koenvrij.com/uploads/1/3/0/5/130588798/19eba03c0fd4232.pdf
- http://talltowergames.com/uploads/1/3/0/2/130272420/jenezirev_busuzinoxi_tewalose_zuzexalu.pdf
- http://broodjesboke.com/uploads/1/3/0/4/130476976/sipozaroruro_dimumug_jaxesofumak.pdf
- http://globalriskexchange.org/uploads/1/3/0/4/130489097/9256382.pdf
- http://www.getbetterbaseball.com/uploads/1/3/0/6/130639123/xejok.pdf
- http://cringlebarltd.com/uploads/1/3/0/2/130272477/4179919.pdf
- http://apartmentgems.com/uploads/1/3/0/4/130477864/5387586.pdf
- http://lamas.digital/uploads/1/3/0/5/130543868/5eac926ba898d.pdf
- http://northernpacificbuilder.com/uploads/1/3/0/7/130776483/lurexumilox.pdf
- http://readyplayerone.store/uploads/1/3/0/6/130620882/gubisajep_jujen_nukiza.pdf
- http://cultcom.ch/uploads/1/3/0/5/130588594/disarodebifaxes-jajumepofi-luvozuxe.pdf
- http://hmsyearbook.com/uploads/1/3/0/7/130739479/zasorawulono-guxonarima-givedoxewobuz-gagawivor.pdf
- http://readingrabbit.ca/uploads/1/3/0/6/130620679/700fc0c950834.pdf
- http://74-123-73-117.mgwnet.com/uploads/1/3/0/6/130621071/3800285.pdf
- http://waynespaintingservices.com/uploads/1/3/0/8/130814575/1d3b8026.pdf
- http://writelifecoaching.com/uploads/1/3/0/6/130620685/rudofegifeve-tifeberoxamuti-jixusivomebadar.pdf
- http://mail.michelleperryhorn.com/uploads/1/3/0/6/130620965/e6a2d1bf967c0df.pdf
- http://sixtarubio.com/uploads/1/3/0/2/130270913/130270913.html#shiva+tandava+stotram+lyrics+in+malayalam+pdf
- https://savannah.gnu.org/projects/freefont/
- http://www.gnu.org/licenses/
- http://www.gnu.org/copyleft/gpl.html
- http://dejavu.sourceforge.net
- http://dejavu.sourceforge.net/wiki/index.php/License

Extracted artifacts 3

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`font_00_sfnt_off0000614c.bin` `d071698edbe4bae94917ac68b43aa4a177137a64a3af73c58fdfe160e392e263`	pdf-font-stream	PDF embedded font (sfnt) at offset 0x614C	45444 bytes
`font_01_sfnt_off0000db4a.bin` `0ce75452dc9c134e989c297a423e8616745feb4a4b45868b7eb4efe40dfbc681`	pdf-font-stream	PDF embedded font (sfnt) at offset 0xDB4A	7760 bytes
`font_02_sfnt_off00021c04.bin` `ca889182d22413b1a5b6446cd5d954c095bfc2c8b2fec1022b19199100617195`	pdf-font-stream	PDF embedded font (sfnt) at offset 0x21C04	16028 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.