PDF malware analysis — malicious · 7b2b6ea3f4006202

MALICIOUS

PDF

32.8 KB Authoring application: Inkscape

MD5: 1826342da613b48f872bdbd9ea9678e1 SHA-1: 2d6bafbd546461a7b31f8d1d9330b1bc8223bf73 SHA-256: 7b2b6ea3f40062029d83e85bbb051c2da4508b652503f8c9fe9ab9aed0b1e4aa

92 Risk Score

Malware Insights

MITRE ATT&CK

T1566.002 Spearphishing Attachment T1059.001 PowerShell

The file is a PDF document that contains embedded URLs pointing to other PDF files and an HTML page. The ClamAV detection 'Pdf.Phishing.TtraffRobotInstall-7605656-0' and the ML classifier strongly indicate malicious intent, likely phishing or malware distribution. The document body, while containing product specifications, also includes these malicious URLs, suggesting a lure to download further malicious content.

Machine Learning

Nyx PDF Classifier malicious score 0.9995

Heuristics 3

ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
External URI info PDF_URI

PDF contains an external URL action
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL http://bilper.pt/uploads/1/3/0/6/130604516/bivaxabilid_vigilapisibadi.pdf
- http://skipcoryell.com/uploads/1/3/0/4/130483447/rekubasinuxis.pdf
- http://elliemaysgrowingupridgeback.com/uploads/1/3/0/5/130590637/7028803.pdf
- http://beingself-centered.com/uploads/1/3/0/5/130590308/130590308.html#panasonic+dmc+tz40+specs

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`font_00_sfnt_off00000fb7.bin` `50ff5f0093f49baf82f5813d01288f4034874af71e33c9220496f55bb65adb04`	pdf-font-stream	PDF embedded font (sfnt) at offset 0xFB7	7988 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.