PDF malware analysis — malicious · 21ca9831b205662d

MALICIOUS

PDF

MD5: c75a7eb9ba2a46ccf3ea733df58dd1ac SHA-1: 3bcc960c390ff2f32e0713960b09028e23a83305 SHA-256: 21ca9831b205662d5abd155650f34f89b60e13531e178af2dbb1ae317a0f4e16

60 Risk Score

Machine Learning

Nyx PDF Classifier clean score 0.0390

Heuristics 2

PDF link points directly to executable/archive payload critical PDF_DIRECT_PAYLOAD_LINK

PDF contains a clickable HTTP(S) URI whose path ends in an executable, script, shortcut, disk image, or archive extension. Documents can legitimately link to installers, so this is a high-risk delivery indicator rather than a standalone exploit fingerprint.
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL http://agropole.tg/oyyldsokut/oyyldsokut.zip

Extracted artifacts 5

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`font_00_cff_off00000704.bin` `321e7c1033e1f2d21a39e55764be64c5b600a25ef08997d0815b6c94fe4f25cf`	pdf-font-stream	PDF embedded font (cff) at offset 0x704	2587 bytes
`font_01_cff_off00002c2e.bin` `edb617c123f49533789229e253b0ed4b762c942ee8b361ae2a51c5de64c039f5`	pdf-font-stream	PDF embedded font (cff) at offset 0x2C2E	539 bytes
`font_02_cff_off0000495d.bin` `ad94c8d0782a8d4ff4712e2208c4cd4a24e4055c5ba482e5ef060cdc240d7d50`	pdf-font-stream	PDF embedded font (cff) at offset 0x495D	3497 bytes
`font_03_cff_off00007217.bin` `7aba96ca5b702ebea26fcfaab297fed56fcab65245720eb40758c8ee684af466`	pdf-font-stream	PDF embedded font (cff) at offset 0x7217	633 bytes
`font_04_cff_off00008fb6.bin` `b0f74c1d3f8de6411025fe4536ea7097b9f7300348af5ef4c63b64681bbab0e5`	pdf-font-stream	PDF embedded font (cff) at offset 0x8FB6	1340 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.