PDF malware analysis — malicious · 490558d6467489d2

MALICIOUS

PDF

37.7 KB Authoring application: Soda PDF

MD5: d86b457bd7d3e4b0a85368a892034ad3 SHA-1: e30b01a6de2da87557d3386a7d1f0630f9ec1642 SHA-256: 490558d6467489d2c024dd0327a9f7c89e110420e298cc54a0b3cdc426ec3ee4

92 Risk Score

Malware Insights

MITRE ATT&CK

T1566.002 Spearphishing Attachment T1204.002 Malicious File

The file is a PDF document detected as malicious by ClamAV and an ML classifier. It contains multiple embedded URLs pointing to other PDF files, suggesting a phishing or malware distribution campaign. The document body, though partially corrupted, contains references to these URLs and appears to be a lure. The primary attack pattern involves tricking the user into downloading further malicious content.

Machine Learning

Nyx PDF Classifier malicious score 0.9995

Heuristics 3

ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
External URI info PDF_URI

PDF contains an external URL action
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL http://bigmindbigsoul.com/uploads/1/3/0/6/130604856/zonamomazisuxajat.pdf
- http://mrsjessinaanderson.com/uploads/1/3/0/4/130475981/libezu.pdf
- http://kentuckyroutezero.net/uploads/1/3/0/5/130545334/8195685.pdf
- http://ankezimmermann.ca/uploads/1/3/0/7/130740533/130740533.html#elementos+plasticos+de+una+imagen

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`font_00_sfnt_off00000fb7.bin` `c03f8d4b79af24531e7fffab9dff14a83b91597ac6072b11a8809d0f9de238fb`	pdf-font-stream	PDF embedded font (sfnt) at offset 0xFB7	8436 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.