Malicious PDF — malware analysis report

Static analysis result for SHA-256 46b1a29facfca5f8…

Verdict: MALICIOUS
File type: PDF
Size: 40.4 KB
Authoring application: Nitro PDF
MD5: c327339e486dc32945df6852b2ee1056
SHA-1: 66085e79e9f4df961e7574dcf6c28d231561c949
SHA-256: 46b1a29facfca5f8b730792168d9e8f4c613b485c00bdfae4fd567dc035a042c
Risk score: 92

Malware Insights

MITRE ATT&CK
  • T1566.001 Phishing: Spearphishing Attachment
  • T1204.001 User Execution: Malicious Link

The file is a PDF document that contains multiple embedded URLs reached through external /URI link actions. The ClamAV signature match and the ML classifier both indicate maliciousness. The embedded URLs likely lead to further malicious content, such as phishing pages or malware downloads, consistent with a phishing or social engineering lure. No JavaScript or other scripts were extracted from this sample, so the delivery path depends on the user following one of the links rather than on an exploit.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9997

Heuristics (3)

  • ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 [critical] CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
  • External URI [info] PDF_URI
    PDF contains an external URL action
  • Embedded URL [info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://practicaaudaz.com/uploads/1/3/0/6/130620346/wepivap.pdf
    • http://sacred-journeys.net/uploads/1/3/0/6/130621932/3213473.pdf
    • http://xor.sietefjeans.com/uploads/2020/01/27/sojazi.pdf
    • http://vari.onlinespace.tech/uploads/2020/01/27/3323195.pdf
    • http://appurvagoel.com/uploads/1/3/0/4/130476244/9958609.pdf
    • http://shardexplorers.com/uploads/1/3/0/5/130543568/130543568.html#aukey+bluetooth+speaker+manual

Extracted artifacts (3)

Files carved from inside the sample during analysis.

Filename                      Kind              Source                                      Size
font_00_sfnt_off0000104a.bin  pdf-font-stream   PDF embedded font (sfnt) at offset 0x104A   8556 bytes
  SHA-256: 7a0356f81ebbb4a11988d82be2cb99e8f6c690de96aca2410c90294554fe321a
font_01_sfnt_off000054aa.bin  pdf-font-stream   PDF embedded font (sfnt) at offset 0x54AA   2652 bytes
  SHA-256: 3d52fc27d04b8b84b219df719738f768697e09c2050136bc1fe69fcddf4eca6e
font_02_sfnt_off00005d5f.bin  pdf-font-stream   PDF embedded font (sfnt) at offset 0x5D5F   4552 bytes
  SHA-256: b64d6741cfec0aad0865d017b05e0e1fb7b4a6100249b802a3843c97d8d05181
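The two mechanical parts of this report, the PDF_URI / EMBEDDED_URL heuristics (which channel reached each /URI action) and the font-stream carving behind the artifacts table (offset, size, SHA-256 of each embedded sfnt font), can be reproduced with a short triage script. The following is an added example, not the analysis platform's own code and not run against the sample above: it builds a small constructed PDF with placeholder example.invalid URLs (not the URLs from the report), then scans it the way the report's heuristics do. Object names, the channel labels and the magic-byte check are the example's own assumptions.

```python
import hashlib
import re
import zlib

# Constructed sample font: a TrueType (sfnt) header stub, version 0x00010000, 4 table records.
FONT_BYTES = b"\x00\x01\x00\x00\x00\x04\x00\x40\x00\x02\x00\x00" + b"\x00" * 52
# sfnt magics: TrueType, CFF-based OpenType, Apple TrueType, TrueType collection
SFNT_MAGICS = (b"\x00\x01\x00\x00", b"OTTO", b"true", b"ttcf")

OBJ_RE = re.compile(rb"(\d+)\s+0\s+obj\s*(.*?)\s*endobj", re.DOTALL)
# /URI followed by a literal string (...) or a hex string <...>
URI_RE = re.compile(rb"/URI\s*(?:\(((?:\\.|[^\\)])*)\)|<([0-9A-Fa-f\s]*)>)", re.DOTALL)
# direct /Length only; an indirect "/Length 7 0 R" is rejected by the lookahead
LENGTH_RE = re.compile(rb"/Length\s+(\d+)(?![\d\s]*R)")


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_sample_pdf() -> bytes:
    """Constructed, hypothetical PDF: an /OpenAction URI, one /Link annotation with a
    /URI action, and one FlateDecode-compressed TrueType font stream (placeholder URLs)."""
    font_stream = zlib.compress(FONT_BYTES)
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R "
        b"/OpenAction << /S /URI /URI (http://example.invalid/open.pdf) >> >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        b"<< /Type /Page /Parent 2 0 R /Annots [4 0 R] "
        b"/Resources << /Font << /F1 5 0 R >> >> >>",
        b"<< /Type /Annot /Subtype /Link /Rect [0 0 100 20] "
        b"/A << /S /URI /URI (http://example.invalid/uploads/1/3/0/6/doc.pdf) >> >>",
        b"<< /Type /Font /Subtype /TrueType /BaseFont /Demo /FontDescriptor 6 0 R >>",
        b"<< /Type /FontDescriptor /FontName /Demo /FontFile2 7 0 R >>",
        b"<< /Length %d /Filter /FlateDecode >>\nstream\n" % len(font_stream)
        + font_stream + b"\nendstream",
    ]
    out = b"%PDF-1.4\n"
    offsets = []
    for num, body in enumerate(objs, 1):
        offsets.append(len(out))
        out += b"%d 0 obj\n" % num + body + b"\nendobj\n"
    xref_off = len(out)  # xref is not used by the scanners below; it just keeps the file well-formed
    out += b"xref\n0 %d\n0000000000 65535 f \n" % (len(objs) + 1)
    out += b"".join(b"%010d 00000 n \n" % off for off in offsets)
    out += b"trailer\n<< /Size %d /Root 1 0 R >>\nstartxref\n%d\n%%%%EOF\n" % (len(objs) + 1, xref_off)
    return out


def _channel(body: bytes) -> str:
    """Label which PDF feature carries the URL (the report's per-URL channel label)."""
    if re.search(rb"/Subtype\s*/Link\b", body):
        return "link-annotation"   # fires only when the user clicks
    if re.search(rb"/(OpenAction|AA)\b", body):
        return "auto-action"       # fires on open or on an event, no click needed
    return "uri-action"


def extract_uris(pdf: bytes) -> list:
    """Every /URI action in the file with its object number and delivery channel."""
    hits = []
    for m in OBJ_RE.finditer(pdf):
        num, body = int(m.group(1)), m.group(2)
        for u in URI_RE.finditer(body):
            if u.group(1) is not None:
                raw = re.sub(rb"\\([()\\])", rb"\1", u.group(1))  # undo \( \) \\ escapes
            else:
                raw = bytes.fromhex(re.sub(rb"\s", b"", u.group(2)).decode("ascii"))
            hits.append({"obj": num, "channel": _channel(body), "url": raw.decode("latin-1")})
    return hits


def carve_sfnt_fonts(pdf: bytes) -> list:
    """Carve embedded sfnt font streams with file offset, decoded size and SHA-256."""
    found = []
    for m in OBJ_RE.finditer(pdf):
        body = m.group(2)
        sm = re.search(rb"^(.*?)>>\s*stream\r?\n", body, re.DOTALL)
        if not sm:
            continue
        dict_bytes = sm.group(1)
        start = sm.end()                       # first byte of the raw stream data
        length = LENGTH_RE.search(dict_bytes)
        if length:                             # prefer a direct /Length over the endstream marker
            data = body[start:start + int(length.group(1))]
        else:                                  # indirect /Length: fall back to the delimiter
            data = re.split(rb"\r?\nendstream", body[start:], maxsplit=1)[0]
        if re.search(rb"/Filter\s*/FlateDecode\b", dict_bytes):
            try:
                data = zlib.decompress(data)
            except zlib.error:
                continue                       # corrupt or not Flate at all: not a carvable font
        if data[:4] in SFNT_MAGICS:
            found.append({"obj": int(m.group(1)), "offset": m.start(2) + start,
                          "size": len(data), "sha256": sha256_hex(data)})
    return found


if __name__ == "__main__":
    sample = build_sample_pdf()
    for hit in extract_uris(sample):
        print("URL  obj %(obj)d  %(channel)-15s %(url)s" % hit)
    for font in carve_sfnt_fonts(sample):
        print("FONT obj %(obj)d  offset 0x%(offset)04X  %(size)d bytes  sha256 %(sha256)s" % font)
```

Two points the script makes that the report only implies: the channel label matters more than the URL itself (an /OpenAction or /AA URI fires without a click, a /Link annotation needs one), and a carver should take the stream boundary from a direct /Length rather than from the `endstream` keyword, which an attacker can plant inside stream data. Neither scanner resolves indirect /Length references or object streams, so run it as a first pass beside a proper PDF parser, not instead of one.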