PDF malware analysis — malicious · 2aa9242ac68683a4

MALICIOUS

PDF

90.3 KB Created: 2020-01-07 06:55:52 Authoring application: pdf-parser First seen: 2026-06-27

MD5: 5e006b4d055d6e86b1f291898eb7f239 SHA-1: 35aa449e58f61cb6b849aeaf43a585a58fc22ab8 SHA-256: 2aa9242ac68683a4c41eb00914e1bce7f4e1e00758ed00a1c25a746fc37c2961

64 Risk Score

Machine Learning

Nyx PDF Classifier clean score 0.0874

Heuristics 3

ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
External URI info PDF_URI

PDF contains an external URL action
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL http://www.ascendercorp.com/ PDF link annotation
- http://www.ascendercorp.com/typedesigners.htmlPDF link annotation
- http://www.w3.org/1999/02/22-rdf-syntax-ns#PDF link annotation
- http://purl.org/dc/elements/1.1/PDF link annotation
- http://ns.adobe.com/pdf/1.3/PDF link annotation
- http://ns.adobe.com/xap/1.0/PDF link annotation
- http://ns.adobe.com/xap/1.0/mm/PDF link annotation
- http://ns.adobe.com/xap/1.0/rights/PDF link annotation
- http://scripts.sil.org/OFLPDF link annotation

Extracted artifacts 2

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`font_00_sfnt_off00012ac3.bin`	pdf-font-stream	PDF embedded font (sfnt) at offset 0x12AC3	4796 bytes
SHA-256: `077f05f6586c8f8140812d73821d05bd60097518dc2e83d7898076e90b69dcad`
`font_01_sfnt_off00013a74.bin`	pdf-font-stream	PDF embedded font (sfnt) at offset 0x13A74	10972 bytes
SHA-256: `c2a86977f33da6210d599f5d5023f362da779c8833e3487e9e3e64e2e0a5353a`

Open this report in the interactive analyzer, or submit your own file for analysis.