Malicious PDF — malware analysis report

Static analysis result for SHA-256 41c11a257422c9bf…

Verdict: MALICIOUS
File type: PDF
Size: 298.2 KB
Created: 2017-10-11 19:20:31 +01:00
Authoring application: Microsoft® Word 2010
MD5: 95df7849e6a1f8c712e9f525bcf81b07
SHA-1: b9794c359650b4dabf45ea507041c22e607bb402
SHA-256: 41c11a257422c9bf3dda498557d1883495e0c8499ffb95c61bb6547fd3311cf4
Risk Score: 108

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The critical ClamAV heuristic 'Pdf.Dropper.Agent-7254329-0' and the high heuristic 'SE_ADVANCE_FEE_SCAM_LURE' strongly indicate a malicious document. The advance-fee scam lure suggests the document's purpose is to defraud the recipient. The extracted mailto URI is likely part of the scam's contact information.

Machine Learning

  • Nyx PDF Classifier: clean score 0.0069

Heuristics (3)

  • ClamAV: Pdf.Dropper.Agent-7254329-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7254329-0.
  • Advance-fee lottery/parcel scam lure (high, SE_ADVANCE_FEE_SCAM_LURE)
    The document contains lottery/beneficiary or prize language together with large-value draft/funds wording and parcel/courier delivery requirements. This is a classic advance-fee fraud document shape.
  • External URI (low, PDF_URI)
    The PDF contains an external URL action.