Malicious PDF — malware analysis report

Static analysis result for SHA-256 2e08b8b960beac94…

MALICIOUS

PDF

291.7 KB Created: 2017-06-19 22:34:05 +03:00 Authoring application: Microsoft® Word 2016 First seen: 2021-01-23
MD5: 0b1c50b14e60b4bb3354544d1a5afb14 SHA-1: a75ef71855c7b53e8def6087fad1574a0e5345e3 SHA-256: 2e08b8b960beac94220a15e89c1033a4ba22bf81ea3d9cd0ec483bb675545136
64 Risk Score

Machine Learning

  • Nyx PDF Classifier clean score 0.0002

Heuristics 3

  • PDF link points directly to executable/archive payload critical PDF_DIRECT_PAYLOAD_LINK
    PDF contains a clickable HTTP(S) URI whose path ends in an executable, script, shortcut, disk image, or archive extension. Documents can legitimately link to installers, so this is a high-risk delivery indicator rather than a standalone exploit fingerprint.
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://dongphucviethung.vn/wp-includes/invoice.php PDF link annotation
    • http://kampfkunstschule-wuppertal.de/templates/system/Invoice-3891A.zipIn PDF document text
    • http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
    • http://ns.adobe.com/pdf/1.3/In PDF document text
    • http://purl.org/dc/elements/1.1/In PDF document text
    • http://ns.adobe.com/xap/1.0/In PDF document text
    • http://ns.adobe.com/xap/1.0/mm/In PDF document text

Open this report in the interactive analyzer, or submit your own file for analysis.