PDF malware analysis — malicious · 57839b265a7d2c27

MALICIOUS

PDF

34.4 KB Authoring application: Pdftk

MD5: 9508f80c9ed7d07c821deba289047d7e SHA-1: efeea915b15270eda067347c416c7de2ca9b3601 SHA-256: 57839b265a7d2c2702226c4d8f178f36e676a2091cbb202c92d062d7a796760f

62 Risk Score

Malware Insights

MITRE ATT&CK

T1566.002 Spearphishing Attachment T1059.001 PowerShell

The ClamAV heuristic 'Pdf.Phishing.TtraffRobotInstall-7605656-0' strongly suggests a phishing campaign. The embedded external URIs point to suspicious PDF files hosted on potentially compromised websites, indicating a likely attempt to deliver further malicious content or redirect users to phishing pages. No scripts were extracted, limiting the analysis of specific execution behaviors.

Heuristics 3

ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
External URI info PDF_URI

PDF contains an external URL action
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL http://redwoodcoastaccounting.com/uploads/1/3/0/5/130539341/tudifonagusokinij.pdf
- http://jtslawncare.org/uploads/1/3/0/5/130551597/b846284e698103d.pdf
- https://juwogoluzena.weebly.com/uploads/1/3/0/3/130379590/9547813.pdf
- http://beraginuta.syndicat.club/uploads/2020/01/28/6184807.pdf
- http://ledseven.ru/uploads/2020/01/29/4205842.pdf
- http://podollangpis.devsite-1.com/uploads/1/3/0/6/130639962/130639962.html#pre+eclampsia+acog+2019

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`font_00_sfnt_off000011ef.bin` `e50210c02dbef97d1f4af898dd80a396a3d71faf7b3d59564a2ba28ab8071e6d`	pdf-font-stream	PDF embedded font (sfnt) at offset 0x11EF	8332 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.