PDF malware analysis — malicious · 53393e9b6f989419

MALICIOUS

PDF

200.8 KB Authoring application: PyPDF2

MD5: 332880fe7375bbcbd6a4fb4ab3803444 SHA-1: 81054a0d087b38dbb3af108f1528e0b0286c2079 SHA-256: 53393e9b6f98941977dad0304668572fa9174313f29b857c7a6b6432623fafec

90 Risk Score

Malware Insights

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment T1204.002 Malicious Link

The PDF file utilizes an image-only lure, a common phishing tactic to trick users into interacting with a hidden clickable element. The heuristic 'PDF_ESCAPED_URI_IMAGE_LURE' specifically identifies a malicious URL embedded within the PDF, which is likely intended to redirect the user to a compromised site for further exploitation. The ML classifier also strongly indicates malicious intent.

Machine Learning

Nyx PDF Classifier malicious score 0.8485

Heuristics 2

Image-heavy PDF hides clickable URL with PDF string escapes high PDF_ESCAPED_URI_IMAGE_LURE

PDF is image-heavy with little real text and its clickable HTTP(S) URI is encoded with PDF octal escapes. This combination is common in credential-phishing PDFs that render a screenshot-like prompt and obscure the destination from simple URL extractors.
Image-only document with action trigger (screenshot lure) medium PDF_IMAGE_LURE

PDF has 1 image(s), only 0 text block(s), carries a click-outward action, and is only 200 KB — typical shape of a phishing lure where a full-page screenshot hides a clickable button that launches or submits to an attacker URL.

Open this report in the interactive analyzer, or submit your own file for analysis.