PDF malware analysis — malicious · 31ed31195b38d49a

MALICIOUS

PDF

174.7 KB Created: 2016-02-08 18:12:05 Authoring application: Microsoft® Office Word 2007

MD5: 948d83f628f5e531bbd142590b41d7c9 SHA-1: 752eece5113ec479dfbea46234c085f33cd956d4 SHA-256: 31ed31195b38d49af42db88eaa4d0429ebbe09b2fdc973c3bdb02fe128194fe0

120 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment T1204.001 User Execution: Malicious Link T1059.001 PowerShell

The critical ClamAV heuristic indicates this PDF is a known dropper. The advance-fee scam lure and callback phishing heuristic strongly suggest a social engineering pretext to trick the user into interacting with the malicious content. The document body, though heavily obfuscated, contains elements consistent with these lures. The primary intent appears to be delivering a secondary payload via the dropper functionality.

Heuristics 3

ClamAV: Pdf.Dropper.Agent-7246431-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Dropper.Agent-7246431-0
Advance-fee lottery/parcel scam lure high SE_ADVANCE_FEE_SCAM_LURE

Document contains lottery/beneficiary or prize language together with large-value draft/funds wording and parcel/courier delivery requirements. This is a classic advance-fee fraud document shape.
Callback phishing phone lure medium SE_CALLBACK_LURE

Document asks the user to call a phone number in billing, refund, subscription, fraud, or security context — consistent with callback phishing or tech-support scam patterns

Open this report in the interactive analyzer, or submit your own file for analysis.