Malicious PDF — malware analysis report

Static analysis result for SHA-256 6031b20752916e34…

Verdict: MALICIOUS
File type: PDF
Size: 28.9 KB
Authoring application: Smallpdf Desktop
MD5: 3b618a058f04b19f5a47f1ac55a29d4c
SHA-1: 181112725673f23bc07d3952edc347a903c455f9
SHA-256: 6031b20752916e34dff7761c63db876cb2e7df1dd16893e5a8e26208514ba594
Risk Score: 134

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The file is identified as malicious by multiple heuristics, including ClamAV and an ML classifier, and contains embedded URLs pointing to external PDFs. The document body, though partially corrupted, contains references to these URLs and mentions 'Monkey dance video free', suggesting a lure to entice users to click on the provided links. The presence of external URI indicators and the 'Password-protected archive lure' heuristic further support a phishing or social engineering attack pattern.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9994

Heuristics (4)

  • ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
  • Password-protected archive handoff (severity: high, rule: SE_PASSWORD_ARCHIVE_LURE)
    Document gives password instructions for an archive or attachment — often used to keep payloads encrypted until after gateway scanning
  • External URI (severity: info, rule: PDF_URI)
    PDF contains an external URL action
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    Extracted URLs:
    • http://nettletonband.com/uploads/1/3/0/6/130621836/c1c3a96e8d111.pdf
    • http://personaloutfits.com/uploads/1/3/0/4/130435684/narepuzat_naxit_nagagabadupon_gomovuse.pdf
    • http://eastvalleyyouthsports.com/uploads/1/3/0/5/130551241/totubokaxe.pdf
    • http://thehappygirlstore.com/uploads/1/3/0/6/130604641/130604641.html#monkey+dance+video++free

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off00000fb1.bin
SHA-256: 0ef97b35d2e4d733099c9ae0dddfac87c12f00770215ea728a5701821cac7f8e
Kind: pdf-font-stream
Source: PDF embedded font (sfnt) at offset 0xFB1
Size: 7956 bytes