Malicious PDF — malware analysis report

Static analysis result for SHA-256 6a6ce20566256286…

MALICIOUS

PDF

66.4 KB Created: 2025-02-05 16:29:23 -05:00 Authoring application: Adobe Acrobat 24.5 (via Adobe Acrobat 24.5 Image Conversion Plug-in)
MD5: a34a6d0b4be01773cb1ab791fae51833 SHA-1: 13539b1325f7219879488ee7da64d0731cf2f6c3 SHA-256: 6a6ce20566256286532087252340f5b8d47239d730e6d1ee321030d3e96cfbe2
62 Risk Score

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment T1204.001 User Execution: Malicious Link

The PDF was identified as an image-only lure, a common phishing technique where a screenshot is presented to trick the user into clicking a hidden malicious link. The heuristic 'PDF_IMAGE_LURE_SHORTENER_LINK' specifically flags the presence of a URL shortener, indicating an attempt to obscure the final destination. The primary IOC is the shortened URL, which likely leads to a malicious site.

Machine Learning

  • Nyx PDF Classifier clean score 0.0108

Heuristics 3

  • Image-only PDF lure links through URL shortener high PDF_IMAGE_LURE_SHORTENER_LINK
    PDF is image-heavy with little real text and its clickable action points to a URL shortener. This is a high-confidence credential-phishing carrier shape: the visible page is a screenshot-like prompt while the destination is hidden behind redirect infrastructure.
  • Image-only document with action trigger (screenshot lure) medium PDF_IMAGE_LURE
    PDF has 2 image(s), only 0 text block(s), carries a click-outward action, and is only 66 KB — typical shape of a phishing lure where a full-page screenshot hides a clickable button that launches or submits to an attacker URL.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://t.co/fCAF09zswz
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#
    • http://ns.adobe.com/xap/1.0/
    • http://purl.org/dc/elements/1.1/
    • http://ns.adobe.com/xap/1.0/mm/
    • http://ns.adobe.com/xap/1.0/sType/ResourceEvent#
    • http://ns.adobe.com/pdf/1.3/

Extracted artifacts 3

Files carved from inside the sample during analysis.

FilenameKindSourceSize
font_00_cff_off00000a32.bin
1af5957cbc33d32dbaf52fdfb9028caac66a500cf583c3bd320fc3796d60ea91		 pdf-font-stream PDF embedded font (cff) at offset 0xA32 2304 bytes
font_01_cff_off000013bd.bin
3783b43e13a53ffec56388ac67bc3ce12846ec757aec864dff5c9dba6b2a3e6f		 pdf-font-stream PDF embedded font (cff) at offset 0x13BD 3965 bytes
font_02_cff_off000022cc.bin
f8e36cbddee2a32e1d8b6963048003aeca3e67ad129a1020c820940b9f3c1195		 pdf-font-stream PDF embedded font (cff) at offset 0x22CC 24237 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.