PDF malware analysis — malicious · 53418d5820ac5fe6

MALICIOUS

PDF

200.8 KB Authoring application: PyPDF2

MD5: 27ec1ce7af7918df00c51de6e2ab9b82 SHA-1: 68900b6ec5a8115521047e26114a24150b2edaf4 SHA-256: 53418d5820ac5fe686da000f652f3331f8e0d9cb7407c34d2c3c8126ff476314

90 Risk Score

Malware Insights

MITRE ATT&CK

T1566.002 Phishing: Spearphishing Attachment

The PDF was identified as an image-only lure, a common phishing technique where a visual deception hides a clickable link. The heuristic 'PDF_ESCAPED_URI_IMAGE_LURE' specifically highlights a clickable URL embedded within the PDF content, which is the primary indicator of malicious intent. The ML classifier further supports the malicious nature of the file.

Machine Learning

Nyx PDF Classifier malicious score 0.8485

Heuristics 2

Image-heavy PDF hides clickable URL with PDF string escapes high PDF_ESCAPED_URI_IMAGE_LURE

PDF is image-heavy with little real text and its clickable HTTP(S) URI is encoded with PDF octal escapes. This combination is common in credential-phishing PDFs that render a screenshot-like prompt and obscure the destination from simple URL extractors.
Image-only document with action trigger (screenshot lure) medium PDF_IMAGE_LURE

PDF has 1 image(s), only 0 text block(s), carries a click-outward action, and is only 200 KB — typical shape of a phishing lure where a full-page screenshot hides a clickable button that launches or submits to an attacker URL.

Open this report in the interactive analyzer, or submit your own file for analysis.