Malicious PDF — malware analysis report

Static analysis result for SHA-256 3f831bdaec62bea3…

MALICIOUS

PDF

Size: 45.8 KB
Authoring application: Nitro PDF
MD5: 5b0da5ebc3531f2931e2bda89fa05431
SHA-1: b8ec8808a6d38ef17ea977b203d6991dd74b05db
SHA-256: 3f831bdaec62bea3f28f28f46e981514b843314fb7167040e80afcd7863c1b7f
Risk Score: 62

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The file is a PDF document that contains multiple embedded URLs. The ClamAV heuristic identifies it as 'Pdf.Phishing.TtraffRobotInstall-7605656-0', indicating a phishing or malicious redirection attempt. The document body, though partially garbled, mentions 'free 4th grade reading worksheets pdf', suggesting a lure to trick users into clicking the embedded links, which all point to other PDF files hosted on external domains.

Heuristics (3)

  • ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
  • External URI (info, PDF_URI)
    PDF contains an external URL action
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URLs:
    • http://alchemyperfume.com/uploads/1/3/0/5/130588320/3865141.pdf
    • http://mrmacbible.org/uploads/1/3/0/8/130873735/2387547.pdf
    • http://cwhypnotherapy.com/uploads/1/3/0/5/130588971/f29f2672fa1a24.pdf
    • http://sweetestdreams.org/uploads/1/3/0/8/130814360/130814360.html#free+4th+grade+reading+worksheets+pdf

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off00000fe4.bin
SHA-256: 9446668250e1baebbd27a5bd16d486fff4785f0cfa45b043e5b7d263267a6f62
Kind: pdf-font-stream
Source: PDF embedded font (sfnt) at offset 0xFE4
Size: 8316 bytes