Malicious PDF — malware analysis report

Static analysis result for SHA-256 448053ba7f4d8f9b…

MALICIOUS

PDF

35.7 KB Authoring application: Adobe PDF Library 9.0
MD5: b3fffd145a3de8fa16b34ee40bf65086 SHA-1: 3dbb78c7fc5657bd8293453b6444155569bcf8b0 SHA-256: 448053ba7f4d8f9b7c2cba338a667b2955ad6f6baae7f1c1de8cae1f75456ca2
92 Risk Score

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF contains an embedded URI pointing to a suspicious external URL, which was flagged by heuristics and ClamAV as malicious. The ML classifier also indicated a high probability of maliciousness. The document body, though heavily obfuscated, contains references to the malicious URL, suggesting a phishing or malware distribution attempt.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9931

Heuristics 3

  • ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://colorfulmindsaustin.net/uploads/1/3/0/3/130323743/5681453.pdf
    • http://paytonglobetrotters.weebly.com/uploads/1/3/0/5/130538923/zutimenugavisa.pdf
    • http://moxiemerchdesign.com/uploads/1/3/0/5/130547924/47fe6c9d5f785a.pdf
    • http://carpetcleancary.com/uploads/1/3/0/6/130603890/130603890.html#jingle+bells+rock+sheet+music+piano

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
font_00_sfnt_off00001010.bin
2b21a3c82543870e69635d508ba7ed47e894f3ce7fd3843aba2b9405b6549a33		 pdf-font-stream PDF embedded font (sfnt) at offset 0x1010 9600 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.