Malicious PDF — malware analysis report

Static analysis result for SHA-256 8fe9444be5c27da7…

Verdict: MALICIOUS
File type: PDF
Size: 3.5 KB
Created: 2017-04-26 17:23:01 +02:00
Authoring application: dompdf + CPDF
MD5: d0566807c099398c0b40a59aea9296c6
SHA-1: 4f0401e9162df241693af88a69d20d5137490404
SHA-256: 8fe9444be5c27da77078418097aabe2318d30f51aca1cd48971b38dfe8dc4abc
Risk Score: 70

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The file is identified as a malicious PDF dropper by ClamAV. The document body contains text mimicking an invoice and prompts the user to click a link to view or download a copy, which is a common phishing tactic. The embedded URL points to a suspicious domain, further supporting the malicious intent.

Heuristics (4)

  • ClamAV: Pdf.Dropper.Agent-7282364-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7282364-0
  • Fake invoice / payment lure low SE_INVOICE_LURE
    Document contains invoice or payment language paired with an action verb — useful context when combined with link, macro, or attachment indicators
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://levelsnightclub.com/invoice-99022-Apr-25-2017-US-989211/
    • http://levelsnightclub.com/invoice-99022-Apr-25-2017-US-989211/name=