PDF malware analysis — malicious · 7862cd9228ac76f7

MALICIOUS

PDF

38.0 KB Authoring application: Solid Converter PDF

MD5: 794232ac9b563e3cf7d39a1ac3f85b89 SHA-1: 255ecb0d21ec652991a1ffd4904e498839146e19 SHA-256: 7862cd9228ac76f792aff318d1d81addaf189abe63937f0725e14f7c58e1465d

94 Risk Score

Malware Insights

MITRE ATT&CK

T1566.001 Spearphishing Attachment T1059.007 JavaScript

The PDF contains multiple embedded URLs that lead to other PDF files, suggesting a phishing or malware distribution scheme. The ClamAV detection as 'Pdf.Phishing.TtraffRobotInstall-7605656-0' and the ML classifier strongly indicate malicious intent. The document body's truncated preview is a common lure to encourage users to click on embedded links.

Machine Learning

Nyx PDF Classifier malicious score 0.9998

Heuristics 3

ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
External URI info PDF_URI

PDF contains an external URL action
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL http://timothyabrams.com/uploads/1/3/0/6/130605306/5224478.pdf
- http://sweetonketobakery.com/uploads/1/3/0/6/130604864/84833.pdf
- http://skycampgreenwich.org/uploads/1/3/0/3/130313284/suzebejozapijebad.pdf
- http://kimchibabe.com/uploads/1/3/0/2/130289809/teludopami.pdf
- http://soccerskillschools.com/uploads/1/3/0/3/130313339/130313339.html#solucion+de+casos+practicos+economia+empresarial

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`font_00_sfnt_off00001077.bin` `5ed2ddda3737f3a25b854cac2a04688e62f74729175e5b0495e678ae8945735e`	pdf-font-stream	PDF embedded font (sfnt) at offset 0x1077	8960 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.