PDF malware analysis — malicious · 21591b971588e72c

MALICIOUS

PDF

34.5 KB Authoring application: Inkscape

MD5: 42874cb9a540972f8c2c9c00067faedb SHA-1: ba07802a1c10ebea35e62329e54924c9a115b368 SHA-256: 21591b971588e72c60dcc66c263951cadac978b37cd01a434732bfbf445b2343

62 Risk Score

Malware Insights

MITRE ATT&CK

T1566.002 Spearphishing Attachment

The PDF document contains text impersonating an educational institution, providing a fake exam date sheet to entice the user. It also embeds multiple URLs pointing to other PDF files, suggesting a phishing or credential harvesting campaign. The ClamAV detection 'Pdf.Phishing.TtraffRobotInstall-7605656-0' further supports the phishing classification.

Heuristics 3

ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
External URI info PDF_URI

PDF contains an external URL action
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL http://fnvv.com/uploads/1/3/0/3/130324350/f979e1.pdf
- http://sadityyou.com/uploads/1/3/0/6/130639024/dutori-kozol-budilures.pdf
- http://welapunag.villa-almarin.ru/uploads/2020/01/29/fa6107e21823b.pdf
- http://mlhas.com/uploads/1/3/0/6/130620943/lusatabixo.pdf
- http://xipogi.teleconom.info/uploads/2020/01/29/nofikofowa-gujesipijevo-weret-mojib.pdf
- http://advance-it.net/uploads/1/3/0/6/130620861/130620861.html#class+10th+board+exam+date+sheet+2020

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`font_00_sfnt_off00001073.bin` `0920c27bdee30631b46518e702087abcf9a57cd15cf62844481e807e48b2eee2`	pdf-font-stream	PDF embedded font (sfnt) at offset 0x1073	8084 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.