Malicious PDF — malware analysis report

Static analysis result for SHA-256 8d86a0611dbf441a…

MALICIOUS

PDF

Size: 36.9 KB
Authoring application: pstoedit
MD5: 4939a50d184af09140c28111f1c080f1
SHA-1: c3df45a63e93c0d78753095fb46fe26efe035a0c
SHA-256: 8d86a0611dbf441a498cae602432bd7adfd20926e26ecee192e5ff4dcacd57db
Risk Score: 62

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The file is identified as a malicious PDF by ClamAV. The document body contains multiple URLs that likely lead to further malicious content or phishing pages. The embedded URLs and the ClamAV detection suggest a phishing or malware distribution attempt.

Heuristics (3)

  • ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off000010c5.bin
SHA-256: 7907634ef00484e5bf9070c3d82647db60ce186e76277f049429eef579f793e7
Kind: pdf-font-stream
Source: PDF embedded font (sfnt) at offset 0x10C5
Size: 8360 bytes