PDF malware analysis — malicious · 900fccb1bace4eb8

MALICIOUS

PDF

96.3 KB Authoring application: Skia/PDF m115 Google Docs Renderer

MD5: a52d6d8b38470c285ad9e4e246f9debb SHA-1: 943455bbc34e92678c1f3fefe483a9e1473ad809 SHA-256: 900fccb1bace4eb8c126b819d770ac67fb4f30cc22de394088233e6794155e64

60 Risk Score

Malware Insights

MITRE ATT&CK

T1566.002 Spearphishing Attachment

The PDF contains multiple invisible links that direct the user to download a ZIP archive from 'ayokoloran.com'. This technique is commonly used to deliver secondary payloads. The heuristics indicate a critical finding related to repeated payload links, strongly suggesting a malicious intent to trick the user into downloading malware.

Machine Learning

Nyx PDF Classifier clean score 0.0663

Heuristics 2

Invisible/repeated PDF links deliver payload file critical PDF_REPEATED_PAYLOAD_LINK_LURE

PDF uses invisible link annotations and points to a direct payload download. Repeated invisible links or lure-like payload names such as document/unlock/verify archives match malware-delivery PDF carriers where the page is only a prompt and the real payload is fetched from the linked URL.
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL https://ayokoloran.com/Doc99483898398839.zip

Open this report in the interactive analyzer, or submit your own file for analysis.