Malicious PDF — malware analysis report

Static analysis result for SHA-256 88c86e57c23bb7f7…

MALICIOUS

PDF

Size: 67.1 KB
Created: 2025-08-01 13:38:45 +03:00
Authoring application: iText® Core 7.2.5 (AGPL version) ©2000-2023 iText Group NV
MD5: 9f36cda4fac9ab01a41badcc656f72f0
SHA-1: 124796a6a7791ddf1d0f2a4c1a93a7e08cfc3895
SHA-256: 88c86e57c23bb7f7b8f4ba71837b49fa92cb1c1d1f1f7758ee8a145c554ea795
Risk Score: 60

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF contains a direct link to a .rar archive, identified by the PDF_DIRECT_PAYLOAD_LINK heuristic. This indicates the document's primary purpose is to facilitate the download of a secondary malicious payload. The embedded URL is the most critical indicator for further investigation.

Machine Learning

  • Nyx PDF Classifier: clean score 0.0148

Heuristics (2)

  • PDF link points directly to executable/archive payload [critical] (PDF_DIRECT_PAYLOAD_LINK)
    PDF contains a clickable HTTP(S) URI whose path ends in an executable, script, shortcut, disk image, or archive extension. Documents can legitimately link to installers, so this is a high-risk delivery indicator rather than a standalone exploit fingerprint.
  • Embedded URL [info] (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://fnvimoyvwkbxbmczlqus.supabase.co/storage/v1/object/public/auths0//Booking13763.rar