PDF malware analysis — malicious · 386c8ec241be9258

MALICIOUS

PDF

24.1 KB

MD5: bbb040251695b676a319e4d095bbd04d SHA-1: ba6532fa069f21755f1dfc7b7c19dc59ccdf0026 SHA-256: 386c8ec241be925807720d036ea3372878ce9eb73e872e9f299d9ab27cd3baf0

62 Risk Score

Malware Insights

MITRE ATT&CK

T1566.002 Spearphishing Attachment T1204.002 Malicious Link

The PDF file is identified as an image-only lure, typical for phishing attacks. It contains a link to a file-hosting service, which is flagged as a download lure. While the linked URL itself is marked as benign, the overall pattern suggests an attempt to deliver a secondary payload. No scripts were extracted, and the document body was not readable.

Machine Learning

Nyx PDF Classifier clean score 0.0007

Heuristics 3

Image/button lure links to file-hosting download high PDF_FILE_HOSTING_DOWNLOAD_LURE

PDF is an image-only or near-image-only lure with a clickable action to a public file-hosting download endpoint. This is a common malware delivery pattern: the visible page is just a screenshot/button, while the real payload is fetched from the external hosting service.
Image-only document with action trigger (screenshot lure) medium PDF_IMAGE_LURE

PDF has 2 image(s), only 0 text block(s), carries a click-outward action, and is only 24 KB — typical shape of a phishing lure where a full-page screenshot hides a clickable button that launches or submits to an attacker URL.
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL https://www.mediafire.com/file/mcdujvx0ebrr80g/6.ppam/file

Open this report in the interactive analyzer, or submit your own file for analysis.