Malicious PDF — malware analysis report

Static analysis result for SHA-256 459b97ddc3380c06…

MALICIOUS

PDF

Size: 35.8 KB
Authoring application: OpenOffice Draw
MD5: 2810e2f1d57a14a825801eaeb7f3b5d7
SHA-1: 3ed412ae0c2b02fa4ff506bf887b213cfcb88281
SHA-256: 459b97ddc3380c06a83e3e54e50520dc66580b355f40039d48d636e7b5277f12
Risk Score: 94

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The file is a PDF document that contains embedded links to external resources. The ClamAV detection 'Pdf.Phishing.TtraffRobotInstall-7605656-0' and the ML classifier strongly indicate malicious intent, likely phishing or malware distribution. The embedded URLs are the primary indicators of compromise, suggesting the document is designed to trick users into visiting malicious sites or downloading further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9995

Heuristics 3

  • ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 [critical] (CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
  • External URI [info] (PDF_URI)
    PDF contains an external URL action
  • Embedded URL [info] (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URLs:
    • http://muskegonapostolic.com/uploads/1/3/0/7/130739839/defibugej_devasojak.pdf
    • http://westshoreprojects.com/uploads/1/3/0/2/130289724/1425272.pdf
    • https://mabideri.weebly.com/uploads/1/3/0/5/130550846/1204902.pdf
    • http://nupelicanparty.org/uploads/1/3/0/6/130621850/130621850.html#lagu+barisan+para+mantan+cover

Extracted artifacts 1

Files carved from inside the sample during analysis.

  • Filename: font_00_sfnt_off00000fb5.bin
              b283530d709ae151e24baaac96b5b9daaf9fc8c0d56340602a928d524f1b6414
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xFB5
    Size: 7988 bytes