Malicious PDF — malware analysis report

Static analysis result for SHA-256 4b2b59048eef0ead…

Verdict: MALICIOUS
File type: PDF
Size: 43.6 KB
Authoring application: PDFBox
MD5: 4a559ad54c5338c19c19604f7fb0ad73
SHA-1: 1d2bf084d0a38702cfcb82717df6446b697c3b1a
SHA-256: 4b2b59048eef0ead191451598a86cd37d37da77489161f403b0c801ed3d14537
Risk score: 62

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

ClamAV matched this file against the signature Pdf.Phishing.TtraffRobotInstall-7605656-0, which classifies it as a phishing lure. The document carries four external link targets on four different domains, all under similar /uploads/ paths: three point to further .pdf files and one to an .html page. A link annotation is not malicious by itself, but taken together with the ClamAV detection the sample is consistent with a phishing attachment meant to lead the user to download further files. The linked resources should be fetched in a sandbox or checked against reputation data rather than opened directly.

Heuristics (3)

  • ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0  (severity: critical, tag: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
  • External URI  (severity: info, tag: PDF_URI)
    PDF contains an external URL action
  • Embedded URL  (severity: info, tag: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://northidahostrainedhorses.com/uploads/1/3/0/3/130323209/suwebefuli-tatotubu-fojuxos.pdf
    • http://sachikonakamura.org/uploads/1/3/0/3/130379757/vufor_vuloxiduti_sesakasenez.pdf
    • http://nerdwizardartist.com/uploads/1/3/0/6/130639980/buginupulani.pdf
    • http://neokundalini.org/uploads/1/3/0/6/130639714/130639714.html#apa+style+research+paper+format+sample
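To show what the PDF_URI and EMBEDDED_URL heuristics above are looking for, here is an added Python example; it is not the analysis platform's own code. It scans an uncompressed PDF for /URI actions and for URLs inside content streams, labels each URL with the channel it was reached through, and then emits the two heuristics from this report plus a few further markers. The sample PDF, its example.invalid hostnames and the extra tag names beyond PDF_URI and EMBEDDED_URL are constructed for this example.

```python
import re
import sys

# Constructed sample: a minimal uncompressed PDF with one /Link annotation
# carrying a /URI action and one URL typed into the page text. The hosts
# are placeholders for this example, not the URLs from the report above.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792]
   /Contents 4 0 R /Annots [5 0 R] >> endobj
4 0 obj << /Length 68 >>
stream
BT /F1 12 Tf 72 700 Td (Visit http://example.invalid/body.pdf) Tj ET
endstream
endobj
5 0 obj << /Type /Annot /Subtype /Link /Rect [72 690 300 710]
   /A << /S /URI /URI (http://example.invalid/link.pdf) >> >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# "/S /URI ... /URI (target)": a URI action dictionary in the usual key order.
URI_ACTION = re.compile(rb"/S\s*/URI\b[^>]*?/URI\s*\(([^)]*)\)", re.DOTALL)
# Bodies of uncompressed stream objects (page content, fonts, images, ...).
STREAM = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)
# Any http(s) URL; PDF string and dictionary delimiters end the match.
URL = re.compile(rb"https?://[^\s()<>\[\]]+")

# Further markers worth flagging. The tag names here are this example's own,
# not tags taken from the report.
EXTRA_MARKERS = (
    (rb"/JavaScript\b|/JS\b", "PDF_JAVASCRIPT", "document carries JavaScript"),
    (rb"/Launch\b", "PDF_LAUNCH", "document can launch an external program"),
    (rb"/OpenAction\b|/AA\b", "PDF_AUTO_ACTION", "an action runs on open or on an event"),
    (rb"/EmbeddedFile\b", "PDF_EMBEDDED_FILE", "document carries an embedded file"),
)


def extract_urls(pdf: bytes) -> dict:
    """Map each URL to the set of channels it was found in.

    Channels: 'uri_action' (a /URI action, i.e. a clickable link target),
    'content_stream' (text inside a stream body) or 'other' (anywhere else).
    """
    channels = {}

    def add(url: bytes, channel: str) -> None:
        channels.setdefault(url.decode("latin-1"), set()).add(channel)

    uri_spans = []
    for m in URI_ACTION.finditer(pdf):
        add(m.group(1), "uri_action")
        uri_spans.append(m.span())

    stream_spans = [m.span(1) for m in STREAM.finditer(pdf)]
    for m in URL.finditer(pdf):
        start = m.start()
        if any(a <= start < b for a, b in uri_spans):
            continue  # already recorded as the target of a /URI action
        in_stream = any(a <= start < b for a, b in stream_spans)
        add(m.group(0), "content_stream" if in_stream else "other")
    return channels


def heuristics(pdf: bytes) -> list:
    """Return (tag, severity, description) triples in a fixed order."""
    urls = extract_urls(pdf)
    hits = []
    if any("uri_action" in chans for chans in urls.values()):
        hits.append(("PDF_URI", "info", "PDF contains an external URL action"))
    if urls:
        hits.append(("EMBEDDED_URL", "info",
                     "%d URL(s) extracted from the document" % len(urls)))
    for pattern, tag, desc in EXTRA_MARKERS:
        if re.search(pattern, pdf):
            hits.append((tag, "warning", desc))
    return hits


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_PDF
    for url, chans in sorted(extract_urls(data).items()):
        print("%s  [%s]" % (url, ", ".join(sorted(chans))))
    for tag, severity, desc in heuristics(data):
        print("%s (%s): %s" % (tag, severity, desc))
```

The regexes only see uncompressed objects, so against a real sample run it over the decompressed form (for example the output of `qpdf --qdf`), and remember that a /URI to a reputable host is not a finding on its own; the channel labels tell you which URLs a user could actually be steered to, which is what to resolve or detonate in a sandbox.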

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off000011e1.bin
SHA-256: 4dacb9b972bf573ae4b7dcf5010caad2ae89238af762fafe13c134f4c26114e0
Kind: pdf-font-stream
Source: PDF embedded font (sfnt) at offset 0x11E1
Size: 8524 bytes