Malicious PDF — malware analysis report

Static analysis result for SHA-256 676fb44fd31c8b9d…

MALICIOUS

PDF

13.9 KB
Created: 2020-03-18 17:21:40 +00:00
Authoring application: mPDF 5.7
MD5: ccedd5a10352e4dfcfd1cb46767f75de
SHA-1: 0b2f3bc16d60611d758c69605b9127e9e84ef6f0
SHA-256: 676fb44fd31c8b9d5061c933839a2aafc19c8a94f9e183d4a60bb06dbcec1ead
Risk Score: 94

Malware Insights

MITRE ATT&CK
  • T1566.001 Spearphishing Attachment
  • T1203 Exploitation for Client Execution

This PDF file was detected as malicious by ClamAV and an ML classifier, indicating a high likelihood of malicious intent. The embedded URLs suggest the document is designed to trick the user into downloading a secondary payload, likely exploiting a PDF vulnerability. The presence of multiple similar URLs points to a dropper functionality.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9102

Heuristics 3

  • ClamAV: Pdf.Dropper.Agent-7687763-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7687763-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.