Malicious PDF — malware analysis report

Static analysis result for SHA-256 341632ac20540dcd…

MALICIOUS

PDF

Size: 60.7 KB
Created: 2023-05-10 12:47:19 +03:00
Authoring application: iTextSharp™ 5.5.10 ©2000-2016 iText Group NV (AGPL-version)
MD5: f42544fe0db583e4b836e4b8cfc52802
SHA-1: 7b621dcaabd1f833f8381bbe9cc8898dd09c95b2
SHA-256: 341632ac20540dcdf4dd6cf6675503e6db3e2f513e39bb1c99d4603e06cc8c9d
Risk Score: 62

Malware Insights

MITRE ATT&CK
T1566.001 Phishing: Spearphishing Attachment
T1204.002 User Execution: Malicious File

The PDF document contains a clickable link annotation pointing to a ZIP archive hosted on 'inspiratour.co.id'. The heuristic 'PDF_DIRECT_PAYLOAD_LINK' fires because the link's URL path ends in an archive extension (.zip); it does not inspect what the server actually serves. The document itself carries no exploit: the risk is that the user is tricked into downloading the archive and running its contents, a delivery pattern commonly seen in phishing campaigns.

Machine Learning

  • Nyx PDF Classifier: clean score 0.0415 (a low clean score means the model considers the file unlikely to be benign)

Heuristics (2)

  • PDF_DIRECT_PAYLOAD_LINK [critical]: PDF link points directly to executable/archive payload
    PDF contains a clickable HTTP(S) URI whose path ends in an executable, script, shortcut, disk image, or archive extension. Documents can legitimately link to installers, so this is a high-risk delivery indicator rather than a standalone exploit fingerprint.
  • EMBEDDED_URL [info]: Embedded URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: https://inspiratour.co.id/tsopexfzrf/tsopexfzrf.zip
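The two heuristics above can be reproduced with a few lines of Python. The following is an added example, not the analysis platform's own code: it scans raw PDF bytes for /URI strings in link-annotation actions, reports every URL as EMBEDDED_URL, and adds PDF_DIRECT_PAYLOAD_LINK when the URL is HTTP(S) and its path (query and fragment stripped, percent-decoded, lowercased) ends in a payload extension. The extension list, the function names and the minimal sample PDF are constructed for this example; the sample embeds the URL from this report plus two benign-looking links to show that a query-string parameter such as ?file=setup.exe does not trigger the path check.

```python
import os
import re
from urllib.parse import unquote, urlparse

# Extensions treated as direct payloads (executables, scripts, shortcuts,
# disk images, archives). Assumed list for this example, not the report's.
PAYLOAD_EXTENSIONS = {
    ".exe", ".scr", ".msi", ".dll", ".com", ".pif",
    ".bat", ".cmd", ".ps1", ".vbs", ".js", ".jse", ".hta", ".wsf",
    ".lnk", ".url",
    ".iso", ".img", ".vhd", ".vhdx",
    ".zip", ".rar", ".7z", ".gz", ".tgz", ".cab", ".ace",
}

# /URI (literal string) inside a link action. Hex strings <...> and URIs
# inside compressed object streams are not covered by this raw scan.
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)", re.DOTALL)

_ESCAPES = {b"n": b"\n", b"r": b"\r", b"t": b"\t", b"b": b"\b", b"f": b"\f",
            b"(": b"(", b")": b")", b"\\": b"\\"}


def _unescape_pdf_string(raw: bytes) -> bytes:
    """Decode the backslash escapes of a PDF literal string (incl. \\ddd octal)."""
    out = bytearray()
    i = 0
    while i < len(raw):
        c = raw[i:i + 1]
        if c != b"\\":
            out += c
            i += 1
            continue
        nxt = raw[i + 1:i + 2]
        if nxt in _ESCAPES:
            out += _ESCAPES[nxt]
            i += 2
        elif nxt and nxt in b"01234567":
            j = i + 1
            while j < len(raw) and j < i + 4 and raw[j:j + 1] in b"01234567":
                j += 1
            out.append(int(raw[i + 1:j], 8) & 0xFF)
            i = j
        else:
            i += 1  # unknown escape: PDF spec says drop the backslash
    return bytes(out)


def extract_uris(pdf_bytes: bytes) -> list[str]:
    """Return every /URI literal string found in the raw PDF, decoded."""
    return [_unescape_pdf_string(m.group(1)).decode("latin-1")
            for m in URI_RE.finditer(pdf_bytes)]


def is_direct_payload_link(uri: str) -> bool:
    """True if uri is http(s) and its *path* ends in a payload extension.
    Query and fragment are ignored, the path is percent-decoded and lowercased."""
    parsed = urlparse(uri.strip())
    if parsed.scheme.lower() not in ("http", "https"):
        return False
    ext = os.path.splitext(unquote(parsed.path).lower())[1]
    return ext in PAYLOAD_EXTENSIONS


def scan_pdf(pdf_bytes: bytes) -> list[dict]:
    """Label each extracted URL the way the report does."""
    findings = []
    for uri in extract_uris(pdf_bytes):
        labels = ["EMBEDDED_URL"]
        if is_direct_payload_link(uri):
            labels.append("PDF_DIRECT_PAYLOAD_LINK")
        findings.append({"url": uri, "source": "link annotation", "labels": labels})
    return findings


# Constructed minimal PDF with three link annotations (no valid xref needed
# for a raw byte scan). First URL is the one from this report.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Annots [4 0 R 5 0 R 6 0 R] >> endobj
4 0 obj << /Type /Annot /Subtype /Link /Rect [72 700 300 720]
  /A << /S /URI /URI (https://inspiratour.co.id/tsopexfzrf/tsopexfzrf.zip) >> >> endobj
5 0 obj << /Type /Annot /Subtype /Link /Rect [72 670 300 690]
  /A << /S /URI /URI (https://example.com/docs/manual.pdf) >> >> endobj
6 0 obj << /Type /Annot /Subtype /Link /Rect [72 640 300 660]
  /A << /S /URI /URI (https://example.com/download?file=setup.exe) >> >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

if __name__ == "__main__":
    for f in scan_pdf(SAMPLE_PDF):
        print(f"{', '.join(f['labels']):40s} {f['url']}")
```

Because the scan works on raw bytes, it also catches URIs in files whose cross-reference table is damaged, but it misses link actions stored inside compressed object streams (PDF 1.5+), which a full parser such as pdfminer or pypdf would decompress first; on a real sample, inflate those streams before scanning.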

Extracted artifacts (5)

Files carved from inside the sample during analysis.

Columns: Filename, SHA-256, Kind, Source, Size

font_00_cff_off0000070b.bin
  SHA-256: 321e7c1033e1f2d21a39e55764be64c5b600a25ef08997d0815b6c94fe4f25cf
  Kind: pdf-font-stream   Source: PDF embedded font (cff) at offset 0x70B   Size: 2587 bytes
font_01_cff_off00002c35.bin
  SHA-256: edb617c123f49533789229e253b0ed4b762c942ee8b361ae2a51c5de64c039f5
  Kind: pdf-font-stream   Source: PDF embedded font (cff) at offset 0x2C35   Size: 539 bytes
font_02_cff_off00004964.bin
  SHA-256: ad94c8d0782a8d4ff4712e2208c4cd4a24e4055c5ba482e5ef060cdc240d7d50
  Kind: pdf-font-stream   Source: PDF embedded font (cff) at offset 0x4964   Size: 3497 bytes
font_03_cff_off0000721e.bin
  SHA-256: 7aba96ca5b702ebea26fcfaab297fed56fcab65245720eb40758c8ee684af466
  Kind: pdf-font-stream   Source: PDF embedded font (cff) at offset 0x721E   Size: 633 bytes
font_04_cff_off00008fbd.bin
  SHA-256: b0f74c1d3f8de6411025fe4536ea7097b9f7300348af5ef4c63b64681bbab0e5
  Kind: pdf-font-stream   Source: PDF embedded font (cff) at offset 0x8FBD   Size: 1340 bytes