Malicious PDF — malware analysis report

Static analysis result for SHA-256 3e24d049e1092e37…

MALICIOUS

PDF

3.3 KB Created: 2014-10-03 02:55:21 +00:00 Authoring application: DOMPDF
MD5: 93170e75b6e0208138f5866e1e429781 SHA-1: 7fabc2f87a205a70d4021cc80ebe96cda0f6b20b SHA-256: 3e24d049e1092e373606f9ceeb1ea133e879acc28c40cc5b9fe2212c721fdcda
60 Risk Score

Malware Insights

MITRE ATT&CK
T1204.002 Malicious File

The PDF file contains a critical heuristic firing indicating a direct payload link. The embedded URL 'http://disneysportsnews.com/wp-admin/www.rundisney.com' is suspicious and likely serves as a lure to download a malicious file. While the document body discusses a legitimate runDisney event, the presence of the direct payload link overrides this context.

Heuristics 2

  • PDF link points directly to executable/archive payload critical PDF_DIRECT_PAYLOAD_LINK
    PDF contains a clickable HTTP(S) URI whose path ends in an executable, script, shortcut, disk image, or archive extension. Documents can legitimately link to installers, so this is a high-risk delivery indicator rather than a standalone exploit fingerprint.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://disneysportsnews.com/wp-admin/www.rundisney.com
    • http://disneysportsnews.com/wp-admin/www.facebook.com/rundisney
    • http://www.twitter.com/runDisney

Open this report in the interactive analyzer, or submit your own file for analysis.