Malicious PDF — malware analysis report

Static analysis result for SHA-256 20e5756039499fe5…

MALICIOUS

PDF

1.79 MB Created: 2024-02-01 23:43:34 +00:00 Authoring application: Chromium (via Skia/PDF m120)
MD5: ce5c413a4b8ba102978f796fd14886d2 SHA-1: 18475e2bb0b168b2809daa736c75b537df62bd30 SHA-256: 20e5756039499fe5a89eadf7e242d3b9f7a4bf774dc9ad6ba66bfc3b8ba30e8d
60 Risk Score

Machine Learning

  • Nyx PDF Classifier clean score 0.0714

Heuristics 2

  • Invisible/repeated PDF links deliver payload file critical PDF_REPEATED_PAYLOAD_LINK_LURE
    PDF uses invisible link annotations and points to a direct payload download. Repeated invisible links or lure-like payload names such as document/unlock/verify archives match malware-delivery PDF carriers where the page is only a prompt and the real payload is fetched from the linked URL.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://github.com/thecoolest63/frms/raw/main/Doc_Unlock.zip

Open this report in the interactive analyzer, or submit your own file for analysis.