Malicious PDF — malware analysis report

Static analysis result for SHA-256 759082d5f352ba7c…

MALICIOUS

PDF

Size: 16.8 KB
Created: 2018-02-05 14:35:37 +03:00
Authoring application: iTextSharp’ 5.5.10 ©2000-2016 iText Group NV (AGPL-version)
MD5: af11fc398ca9cf8936faab043c043f9e
SHA-1: ce452483ca8535fdca16d91509555c18516dd2f9
SHA-256: 759082d5f352ba7c24de89ec079e89dca882bb1506c4231d4f175375afebfa84
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1204.002 Malicious File

The PDF contains a direct link to an executable archive, identified by the PDF_DIRECT_PAYLOAD_LINK heuristic. The embedded URL points to 'http://etlitttothen.com/info/SCAN_0502_3EBC.7z', which is highly suspicious. This indicates a likely attempt to trick the user into downloading and running a malicious payload.

Machine Learning

  • Nyx PDF Classifier clean score 0.0037

Heuristics (2)

  • PDF link points directly to executable/archive payload [severity: critical] PDF_DIRECT_PAYLOAD_LINK
    PDF contains a clickable HTTP(S) URI whose path ends in an executable, script, shortcut, disk image, or archive extension. Documents can legitimately link to installers, so this is a high-risk delivery indicator rather than a standalone exploit fingerprint.
  • Embedded URL [severity: info] EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://etlitttothen.com/info/SCAN_0502_3EBC.7z