PDF malware analysis — malicious · 7a896fe08dd3fd0c

MALICIOUS

PDF

37.9 KB Created: 2015-08-29 19:49:05 +03:00 Authoring application: 1 (via Softplicity)

MD5: fe5556fc0a0e5a79d8d4b21c8cdf5434 SHA-1: 6fdbe7c3ceab63a3e23b7ebaf3557aa4153ebb95 SHA-256: 7a896fe08dd3fd0c9f751c2d122da5f3a683570b5ea5bae637c45df55d94b6f6

62 Risk Score

Malware Insights

MITRE ATT&CK

T1566.002 Spearphishing Attachment T1204.002 Malicious Link

The PDF file contains an embedded URL that directs users to download an instruction manual. This URL, 'http://goto.tomsorg.com/list.php?q=Soundlogic', is flagged as suspicious and is likely part of a phishing or malware distribution scheme. The ClamAV detection 'Pdf.Dropper.Agent-7593288-0' further supports the malicious nature of the file, indicating it functions as a dropper for other malicious content.

Heuristics 3

ClamAV: Pdf.Dropper.Agent-7593288-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Dropper.Agent-7593288-0
External URI info PDF_URI

PDF contains an external URL action
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL http://goto.tomsorg.com/list.php?q=Soundlogic
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/pdf/1.3/

Extracted artifacts 2

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`stream_003_off00002a52.bin` `09a63204f0ea9e519bc07495808e85630296db6da696c833dca6a01184296437`	decompressed-pdf-stream	PDF FlateDecoded stream at offset 0x2A52	20320 bytes
`font_01_sfnt_off0000612c.bin` `8a5ba25d587ff5e42224302846a3abc9b870f9a30f8116308b5c39632e7685b2`	pdf-font-stream	PDF embedded font (sfnt) at offset 0x612C	17548 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.