Malicious PDF — malware analysis report

Static analysis result for SHA-256 5afc51d26490f761…

MALICIOUS

PDF

Size: 45.6 KB
Authoring application: Serif PagePlus
MD5: bfa1155c84bb28ee549f7f78d903ac5b
SHA-1: dabe6560860df9e6f7986b4213db3c807efebf35
SHA-256: 5afc51d26490f761e40cd8f1e5b6678ece1c3d01364bac960e9e83f45bf786e1
Risk Score: 94

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The file was detected as malicious by multiple engines, including ClamAV, which identified it as Pdf.Phishing.TtraffRobotInstall-7605656-0. The document body contains embedded URLs that likely lead to the download of further malicious content, such as additional PDFs. The presence of these URLs and the phishing classification strongly suggest a phishing attack vector.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9991

Heuristics (3)

  • ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
  • External URI (info, PDF_URI)
    PDF contains an external URL action
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://bamabreddoodles.net/uploads/1/3/0/5/130590462/3001449.pdf
    • http://cleanhappy.co.uk/uploads/1/3/0/6/130605228/5732427.pdf
    • http://amberbowmanfit.com/uploads/1/3/0/5/130588388/nisewo.pdf
    • http://mishadumois.com/uploads/1/3/0/2/130273993/130273993.html#tipicamente+persistentes+viral+as+in

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off00001072.bin (hash a212020cd93f6bd942e66c6960e7a637c87a37b36f85f64eb2620542253120d1)
Kind: pdf-font-stream
Source: PDF embedded font (sfnt) at offset 0x1072
Size: 10328 bytes