Malicious PDF — malware analysis report

Static analysis result for SHA-256 40cdeb4bab9b9c29…

MALICIOUS

PDF

Size: 35.5 KB
Authoring application: Solid Converter PDF
MD5: 449436cf49e9b89bccd87cc01b7fb34a
SHA-1: ad25c74184267bd052cb138ceec7c17cc62a85c6
SHA-256: 40cdeb4bab9b9c29be6180bb716e19ac3f78719436362eb88e7849fcdcef25f4
Risk score: 82

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.001 User Execution: Malicious Link

The file is a PDF document identified by ClamAV as Pdf.Phishing.TtraffRobotInstall-7605656-0. Static analysis revealed multiple embedded URLs pointing to external resources, and a heuristic firing indicated a callback phishing lure. The document body, though partially corrupted, contains text related to 'Gta 5 money cheat xbox 360 story mode', likely a lure to engage the user. The combination of these factors strongly suggests a phishing attack designed to trick the user into interacting with malicious links or providing sensitive information via a callback.

Heuristics (4)

  • ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
  • Callback phishing phone lure (medium, SE_CALLBACK_LURE)
    The document asks the user to call a phone number in a billing, refund, subscription, fraud, or security context, which is consistent with callback phishing or tech-support scam patterns.
  • External URI (info, PDF_URI)
    The PDF contains an external URL action.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    Extracted URLs:
    • http://x-staticapolefitness.com/uploads/1/3/0/6/130639990/2c1a8f56.pdf
    • http://montcoglass.com/uploads/1/3/0/2/130289311/gowolojekaragux_muzododozeto_zajujirewex.pdf
    • http://spreadbitcoins.com/uploads/1/3/0/2/130273842/1247616.pdf
    • http://blockchainambassador.ca/uploads/1/3/0/2/130272482/130272482.html#gta+5+money+cheat+xbox+360+story+mode

Extracted artifacts (1)

Files carved from inside the sample during analysis.

  • Filename: font_00_sfnt_off0000101d.bin
    SHA-256: e47b71abb42a508d764a972a999727ce36b9f9486b3c2ece2e2b4fb6244b159d
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x101D
    Size: 8428 bytes