Malicious PDF — malware analysis report

Static analysis result for SHA-256 8e3a77c1883abfa4…

MALICIOUS

PDF

34.3 KB Authoring application: pdf-parser
MD5: 145f02fd2cd057340169bf35e8405c66 SHA-1: 1e1ca206fab4f2c1a43b655cc2b47fe675ece155 SHA-256: 8e3a77c1883abfa48cf6046ea7373e6c21116c5834b821380ab0da628eab70b8
92 Risk Score

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment T1204.002 Malicious Link

The ClamAV detection and ML classifier strongly indicate malicious intent. The PDF contains embedded URLs that lead to other PDF files, suggesting a phishing or malware distribution scheme. The document body, though partially corrupted, contains references to the embedded URLs, reinforcing the lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9994

Heuristics 3

  • ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://pupplesapp.com/uploads/1/3/0/5/130551298/rodexir.pdf
    • http://simplymarvelouslife.com/uploads/1/3/0/2/130270777/7276928.pdf
    • http://vimo.zorfa.icu/uploads/2020/01/29/jivogopik.pdf
    • http://cagedchicken.com/uploads/1/3/0/2/130270958/130270958.html#worship+chord+progressions+piano+pdf

Extracted artifacts 1

Files carved from inside the sample during analysis.

FilenameKindSourceSize
font_00_sfnt_off00000f8d.bin
4f07aab6ad09481399db0d9a0a7e6273492d5477579fe9244971433dad2449e2		 pdf-font-stream PDF embedded font (sfnt) at offset 0xF8D 7852 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.