Malicious PDF — malware analysis report

Static analysis result for SHA-256 23cf241b293bd0b1…

MALICIOUS

PDF

28.5 KB Authoring application: PDF Studio
MD5: fee9ddc7479d4a256a051e77f0e25a2d SHA-1: 1d3d7b4094b3c3416075da7a37e52837e3bcec3f SHA-256: 23cf241b293bd0b1b3aaa852621d2f15d78785a4995138990fc8dfd97bb40684
62 Risk Score

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment T1204.002 Malicious Link

The file is a PDF document that contains multiple embedded URLs. The ClamAV heuristic 'Pdf.Phishing.TtraffRobotInstall-7605656-0' strongly suggests a phishing or malicious redirection intent. The embedded URLs likely lead to further malicious content or phishing pages, aiming to trick the user into downloading or interacting with harmful files.

Heuristics 3

  • ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://totahr.com/uploads/1/3/0/5/130541188/mamanosisisuw.pdf
    • http://moneygramvnvn.com/uploads/1/3/0/5/130551943/zupuxovolime.pdf
    • http://walkaboutfarmfurniture.com/uploads/1/3/0/5/130590366/wofewupadosodi-vasujimoluvukaf-donolapofapowed-zexisebinunex.pdf
    • http://ankezimmermann.ca/uploads/1/3/0/4/130476514/130476514.html#infowood+7.2+t%C3%BCrk%C3%A7e+mobilya+tasar%C4%B1m+program%C4%B1

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
font_00_sfnt_off000011e2.bin
c851bea0b020c866a6008e71f97bd849e8f954e846bdab85c92135405029b2c9		 pdf-font-stream PDF embedded font (sfnt) at offset 0x11E2 8948 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.