Malicious PDF — malware analysis report

Static analysis result for SHA-256 48813e84116cb074…

Verdict: MALICIOUS
File type: PDF
Size: 40.7 KB
Authoring application: GIMP
MD5: 7c4248aea6699c94dcaf5b436e38a2a0
SHA-1: 636349aa445fc24cbf12cfbe034f09d890a94069
SHA-256: 48813e84116cb074bf5ca3df00c19008969fbe38c4e4ae4275ac71910b49f81d
Risk Score: 62

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The file is identified as malicious by ClamAV with the signature Pdf.Phishing.TtraffRobotInstall-7605656-0. Static analysis revealed multiple embedded URLs pointing to external PDF and HTML files, suggesting a phishing or social engineering attempt. The document body contains text related to 'Grinding wheel abrasive' and includes several URLs, reinforcing the phishing lure. No scripts were extracted from this sample.

Heuristics (3)

  • ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://velvetleafglobal.com/uploads/1/3/0/4/130483147/3475236.pdf
    • http://nascspirits.com/uploads/1/3/0/4/130435914/dolemuguta.pdf
    • http://marinaruss.net/uploads/1/3/0/3/130313484/forijabipowa.pdf
    • http://stellarvoice.org/uploads/1/3/0/5/130551239/wimabowezirovolenebi.pdf
    • http://paulmelton.net/uploads/1/3/0/6/130621557/sizek.pdf
    • http://antiviruseprotectserviceonline.site/uploads/1/3/0/8/130814992/130814992.html#grinding+wheel+abrasive

Extracted artifacts (3)

Files carved from inside the sample during analysis.

Filename | SHA-256 | Kind | Source | Size
font_00_sfnt_off00000ff6.bin | 257b5cc5b464a2802cb72ac493aad8bcfb679a89d0677145f5e303c75ccfe5f4 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFF6 | 8632 bytes
font_01_sfnt_off00004f3f.bin | 41d5c9cb4d60b7530e3cfd93a78efd430fe179aa57a8296e74fb8a971da4b0ee | pdf-font-stream | PDF embedded font (sfnt) at offset 0x4F3F | 2600 bytes
font_02_sfnt_off000057d0.bin | f31c439e28d0137206b91a151f21343900f846ed9ff070250fbe82eb1cc7da1d | pdf-font-stream | PDF embedded font (sfnt) at offset 0x57D0 | 16204 bytes