PDF malware analysis — malicious · 6b9a1fab58be7c3e

MALICIOUS

PDF

209.0 KB Created: 2017-11-14 02:11:16 +03:00 Authoring application: Microsoft® Word 2013

MD5: ecade34e2457f86bb43bb158a8560e04 SHA-1: 37518b53b6d8e2e7f7ef33d5bed20226bbdff2c1 SHA-256: 6b9a1fab58be7c3e185c8a340f7e61aad81c7f40ff2900d94b562e2afe4d44d2

172 Risk Score

Machine Learning

Nyx PDF Classifier malicious score 0.7465

Heuristics 4

PDF link points directly to executable/archive payload critical PDF_DIRECT_PAYLOAD_LINK

PDF contains a clickable HTTP(S) URI whose path ends in an executable, script, shortcut, disk image, or archive extension. Documents can legitimately link to installers, so this is a high-risk delivery indicator rather than a standalone exploit fingerprint.
ClamAV: Pdf.Dropper.Agent-7269841-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Dropper.Agent-7269841-0
Image-only document with action trigger (screenshot lure) medium PDF_IMAGE_LURE

PDF has 1 image(s), only 0 text block(s), carries a click-outward action, and is only 209 KB — typical shape of a phishing lure where a full-page screenshot hides a clickable button that launches or submits to an attacker URL.
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL https://c.lewd.se/Cw4ZR4_606870523501870100.zip

Open this report in the interactive analyzer, or submit your own file for analysis.