Malicious PDF — malware analysis report

Static analysis result for SHA-256 6b00326867a282da…

MALICIOUS

PDF

Size: 1.9 KB
Created: 2012-02-08
Authoring application: R and OS php pdf writer, http://www.ros.co.nz
MD5: 65f076cf123f78b0ed29a4490a17f0fa
SHA-1: e4b2cbf97dc0cb65a3c8461de0878d0e418644fb
SHA-256: 6b00326867a282da35b6a8301f999af909a90dbc506ff3a69339d52d8d777414
Risk Score: 62

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment

The PDF document contains embedded URLs and text impersonating a government tax service to trick users into visiting a malicious website. The ClamAV heuristic indicates this is a known PDF dropper, suggesting it likely downloads and executes a second-stage payload. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier clean score 0.2071

Heuristics 2

  • ClamAV: Pdf.Dropper.Agent-7596684-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7596684-0
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URLs:
    • http://www.ros.co.nz
    • http://www.usgora.pl
    • http://m.dottasink.net/en/index.php