Malicious PDF — malware analysis report

Static analysis result for SHA-256 1f7ffb0a6a58be3e…

Verdict: MALICIOUS
File type: PDF
Size: 235.0 KB
Created: 2023-07-27 07:23:21 +03:00
Authoring application: iText® Core 7.2.5 (AGPL version) ©2000-2023 iText Group NV
MD5: ede339007fe74df17f40383dbe239e0b
SHA-1: 06f3ee169180266cf6b4425eae785dc6295aa7ac
SHA-256: 1f7ffb0a6a58be3ea87b8604e61ea0bc5372cfdeabf8f92efab2371e42e45338
Risk score: 60

Machine Learning

  • Nyx PDF Classifier: suspicious score 0.3285

Heuristics (2)

  • PDF link points directly to executable/archive payload (critical) PDF_DIRECT_PAYLOAD_LINK
    PDF contains a clickable HTTP(S) URI whose path ends in an executable, script, shortcut, disk image, or archive extension. Documents can legitimately link to installers, so this is a high-risk delivery indicator rather than a standalone exploit fingerprint.
  • Embedded URL (info) EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: https://files.catbox.moe/l12gwe.zip (path ends in .zip; this is the link that triggers PDF_DIRECT_PAYLOAD_LINK above)
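The PDF_DIRECT_PAYLOAD_LINK heuristic above is simple enough to reproduce. The following Python is an added example, not the analyser's own code: it pulls HTTP(S) URIs out of /URI link actions in a raw PDF with a regular expression, then flags any whose URL path (query string and fragment excluded) ends in an executable, script, shortcut, disk-image or archive extension. The extension list and the minimal two-annotation PDF fragment are constructed for the example; the report names the extension classes but not the exact set.

```python
import re
from typing import List, Optional, Tuple
from urllib.parse import unquote, urlsplit

# Extensions treated as direct payload delivery. This set is an assumption for
# the example; the report only names the classes (executable, script, shortcut,
# disk image, archive), not the exact list the analyser uses.
PAYLOAD_EXTENSIONS = {
    "exe", "msi", "scr", "com", "dll",                              # executables
    "js", "jse", "vbs", "vbe", "wsf", "ps1", "bat", "cmd", "hta",   # scripts
    "lnk", "url",                                                   # shortcuts
    "iso", "img", "vhd", "vhdx",                                    # disk images
    "zip", "rar", "7z", "tar", "gz", "cab",                         # archives
}

# /URI entry of a link action whose value is a literal string "( ... )".
# Backslash escapes inside the string are allowed so an escaped ')' does not
# terminate the match early.
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)", re.DOTALL)


def extract_link_uris(pdf_bytes: bytes) -> List[str]:
    """Return every HTTP(S) URI found in /URI link actions of a raw PDF."""
    uris = []
    for m in URI_RE.finditer(pdf_bytes):
        raw = m.group(1)
        # Undo the PDF literal-string escapes that matter for a URL.
        raw = raw.replace(rb"\(", b"(").replace(rb"\)", b")").replace(rb"\\", b"\\")
        uri = raw.decode("latin-1")
        if uri.lower().startswith(("http://", "https://")):
            uris.append(uri)
    return uris


def payload_extension(uri: str) -> Optional[str]:
    """Lower-cased extension if the URL *path* ends in a payload extension, else None.

    Only the path is considered: a '?dl=report.zip' query string does not count.
    """
    path = unquote(urlsplit(uri).path)
    name = path.rsplit("/", 1)[-1]
    if "." not in name:
        return None
    ext = name.rsplit(".", 1)[-1].lower()
    return ext if ext in PAYLOAD_EXTENSIONS else None


def direct_payload_links(pdf_bytes: bytes) -> List[Tuple[str, str]]:
    """Apply the heuristic: (uri, extension) for each link whose path names a payload."""
    hits = []
    for uri in extract_link_uris(pdf_bytes):
        ext = payload_extension(uri)
        if ext:
            hits.append((uri, ext))
    return hits


# Constructed minimal PDF fragment (not the analysed sample) with two link
# annotations: the archive URL from the report and an ordinary HTML page whose
# query string happens to mention a .zip.
SAMPLE_PDF = (
    b"%PDF-1.7\n"
    b"1 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 100 20]\n"
    b"   /A << /S /URI /URI (https://files.catbox.moe/l12gwe.zip) >> >> endobj\n"
    b"2 0 obj << /Type /Annot /Subtype /Link /Rect [0 30 100 50]\n"
    b"   /A << /S /URI /URI (https://example.com/docs/index.html?dl=report.zip) >> >> endobj\n"
    b"%%EOF\n"
)

if __name__ == "__main__":
    for uri, ext in direct_payload_links(SAMPLE_PDF):
        print(f"PDF_DIRECT_PAYLOAD_LINK critical {uri} (.{ext})")
```

Two caveats for real samples: the regex only sees /URI values written as literal strings in clear text, so hex-string values (`<68747470...>`) and annotations stored inside FlateDecode'd object streams need decoding and inflating first, which is why a production analyser parses the object graph rather than grepping the file.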

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename                Kind             Source                              Size
icc_00_off0003a69a.icc  pdf-icc-profile  PDF ICC profile at offset 0x3A69A   548 bytes
SHA-256: 7e1c7ec53e8ea35fed3e169dee62115ac045f26c7bc256fab16a5c26c29eacbd
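How an analyser arrives at "ICC profile at offset 0x3A69A, 548 bytes" is worth seeing. The Python below is an added example, not the analyser's own carver: it scans a byte buffer for the `acsp` signature that sits at bytes 36..39 of every ICC profile header, reads the big-endian profile size from bytes 0..3, and keeps only candidates whose size and tag-table count are plausible. It assumes the buffer has already been inflated (ICC streams in a PDF are normally FlateDecode'd); the stand-in profile, the surrounding bytes and the filename pattern mirroring the report's `icc_00_off0003a69a.icc` are constructed for the example.

```python
import struct
from typing import List, Tuple

ICC_SIGNATURE_OFFSET = 36   # 'acsp' magic at bytes 36..39 of the ICC header
ICC_HEADER_SIZE = 128       # fixed header size per ICC.1; tag count follows


def carve_icc_profiles(data: bytes) -> List[Tuple[int, bytes]]:
    """Return (offset, profile_bytes) for every plausible ICC profile in data.

    Assumes data is already decompressed; PDF ICC streams are usually
    FlateDecode'd and must be inflated before carving.
    """
    found = []
    pos = data.find(b"acsp")
    while pos != -1:
        start = pos - ICC_SIGNATURE_OFFSET
        if start >= 0:
            size = struct.unpack(">I", data[start:start + 4])[0]
            # Plausibility: header plus a tag count, fits in the buffer, and the
            # tag table (12 bytes per entry) does not run past the stated size.
            if ICC_HEADER_SIZE + 4 <= size <= len(data) - start:
                tag_count = struct.unpack(">I", data[start + 128:start + 132])[0]
                if ICC_HEADER_SIZE + 4 + 12 * tag_count <= size:
                    found.append((start, data[start:start + size]))
        pos = data.find(b"acsp", pos + 1)
    return found


def artifact_name(offset: int, index: int) -> str:
    """Filename in the same shape as the report's icc_00_off0003a69a.icc (assumed pattern)."""
    return f"icc_{index:02d}_off{offset:08x}.icc"


def build_fake_icc(size: int, tag_count: int) -> bytes:
    """Constructed stand-in profile: valid header fields, zero-filled tag table and body."""
    hdr = bytearray(ICC_HEADER_SIZE)
    struct.pack_into(">I", hdr, 0, size)          # profile size
    hdr[16:20] = b"RGB "                          # data colour space
    hdr[20:24] = b"XYZ "                          # profile connection space
    hdr[ICC_SIGNATURE_OFFSET:ICC_SIGNATURE_OFFSET + 4] = b"acsp"
    body = struct.pack(">I", tag_count) + bytes(size - ICC_HEADER_SIZE - 4)
    return bytes(hdr) + body


# Constructed buffer (not the analysed sample): PDF-ish padding, one 548-byte
# profile inside a stream, then a stray 'acsp' that must NOT be carved.
SAMPLE = (
    b"%PDF-1.7\n" + b"\x00" * 100 + b"stream\n"
    + build_fake_icc(548, 3)
    + b"\nendstream\n" + b"acsp appears in text too"
)

if __name__ == "__main__":
    for i, (off, blob) in enumerate(carve_icc_profiles(SAMPLE)):
        print(f"{artifact_name(off, i)}  pdf-icc-profile  offset 0x{off:X}  {len(blob)} bytes")
```

The plausibility checks are what separate a carver from a string search: the stray `acsp` in the trailing text fails the size check because the four bytes 36 positions before it are zeros, so only the real header is reported.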