Malicious PDF — malware analysis report

Static analysis result for SHA-256 4ece15fc34f65cd3…

MALICIOUS

PDF

Size: 48.5 KB
Authoring application: Inkscape
MD5: 50d7b7bfd42ea9327c7616b69585829d
SHA-1: 0ed04ba9346b1ddc56c77219258b262c36417af9
SHA-256: 4ece15fc34f65cd347f124ce364ea5e26afc813bc0128d935a5112415cb62c2c
Risk Score: 62

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The file is a PDF document that contains multiple embedded URLs. The ClamAV heuristic 'Pdf.Phishing.TtraffRobotInstall-7605656-0' strongly suggests phishing intent. The embedded URLs likely serve as lures that lead to further malicious content, such as additional PDFs or executables, which is a common phishing tactic.

Heuristics (3)

  • ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 [critical] (CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
  • External URI [info] (PDF_URI)
    PDF contains an external URL action
  • Embedded URL [info] (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts (3)

Files carved from inside the sample during analysis.

  • font_00_sfnt_off0000122e.bin
    d83c7799de271daf58ec201dfe3e6740d4f5efd05564ac53031d09df37d200a7
    Kind: pdf-font-stream; Source: PDF embedded font (sfnt) at offset 0x122E; Size: 7864 bytes
  • font_01_sfnt_off00005af9.bin
    598b436daaf3d122157f8aae4d95cb5f98998d7541b527c84c982bd0659a624f
    Kind: pdf-font-stream; Source: PDF embedded font (sfnt) at offset 0x5AF9; Size: 16888 bytes
  • font_02_sfnt_off000072a4.bin
    6180729d9e8b3eee9824bc1c3d1999a861bb24c2475a5c2a338b39370c3c0f56
    Kind: pdf-font-stream; Source: PDF embedded font (sfnt) at offset 0x72A4; Size: 9656 bytes