Malicious PDF — malware analysis report

Static analysis result for SHA-256 15177aa735b95083…

MALICIOUS

PDF

File size: 37.3 KB
Authoring application: Pdftk
First seen: 2021-01-23
MD5: 61e9f412ee5cc32126fda3dc8609868a
SHA-1: 7c198d7779fa7e40a52d5847e494f963964e2707
SHA-256: 15177aa735b95083ed5c92046f95535e57ae625579c8e602e87f5127f5db23e6
Risk Score: 94

Machine Learning

  • Nyx PDF Classifier malicious score 0.9998

Heuristics 3

  • ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 [critical, CLAMAV_DETECTION]
    ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
  • External URI [info, PDF_URI]
    PDF contains an external URL action
  • Embedded URL [info, EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://pimaw.beabadocompositor.com/uploads/2020/01/28/xelawuj.pdf [PDF link annotation]
    • http://restoreand.com/uploads/1/3/0/2/130274199/4801439.pdf [In PDF document text]
    • http://annalisaroger.green/uploads/1/3/0/5/130589411/jopazawadeloko.pdf [In PDF document text]
    • http://tijuanadragones.com/uploads/1/3/0/3/130313525/535fb6659e4722b.pdf [In PDF document text]
    • http://bridesewbeautiful.org/uploads/1/3/0/5/130545818/130545818.html#asbestos+cement+corrugated+sheets [In PDF document text]

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off0000102e.bin
Kind: pdf-font-stream
Source: PDF embedded font (sfnt) at offset 0x102E
Size: 8676 bytes
SHA-256: 4f3f11bc0dd4ecf410e74def7a777ae1e9bb69d812e6b56399c6e6c93faccc3a