Malicious PDF — malware analysis report

Static analysis result for SHA-256 6d0612568ddbdd4b…

Verdict: MALICIOUS
File type: PDF
Size: 818.2 KB
Authoring application: pstoedit
MD5: 98a6495d3074f347ffa39174a805ac27
SHA-1: cd9179b494790078712ea6aae09c051f17fb3183
SHA-256: 6d0612568ddbdd4b4e121b16ea3b087eec0d12fccd11a3223da38926d4c62cae
Risk Score: 64

Malware Insights

MITRE ATT&CK

  • T1566.001 Spearphishing Attachment
  • T1059.007 JavaScript

The file is detected as a phishing PDF by ClamAV, indicating a malicious intent to deceive users. The document body contains embedded URLs that likely lead to further malicious content or phishing pages. The presence of external URIs suggests an attempt to redirect the user to a compromised or malicious site to download additional payloads or harvest credentials.

Machine Learning

  • Nyx PDF Classifier clean score 0.1398

Heuristics (3)

  • ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Filename | SHA-256 | Kind | Source | Size
font_00_sfnt_off00004275.bin | 468a182f9c0cdfad2b0e6c04527a75f6057388bcb72e395d86ea996045678bae | pdf-font-stream | PDF embedded font (sfnt) at offset 0x4275 | 9124 bytes
font_01_sfnt_off00019843.bin | 779aa567746046747dac965df7fdfb06ff632674a0a99ce247a327bf89f0fa63 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x19843 | 16036 bytes