Malicious PDF — malware analysis report

Static analysis result for SHA-256 90874c4874159747…

MALICIOUS

PDF

Size: 1.5 KB
Created: 2018-09-03 15:21:01 +03:00
Authoring application: dompdf + CPDF
MD5: 7db2fcc3825090d0f2ed73ab66f6dc05
SHA-1: c2e1ccf55549f1630dd6ac7047e539443e340fc6
SHA-256: 90874c48741597479fd54872a24bb52516b1dedb81f4f71ce4661a0a8b9fc977
Risk Score: 62

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment

The PDF file contains a link to 'http://laschuk.com.br/Payments' disguised as an invoice download. The ClamAV heuristic 'Pdf.Dropper.Agent-9238377-0' strongly suggests this PDF is a dropper for malicious content. The embedded document body text further reinforces the lure by asking the user to 'DOWNLOAD INVOICE'.

Heuristics (3)

  • ClamAV: Pdf.Dropper.Agent-9238377-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Dropper.Agent-9238377-0
  • External URI (info, PDF_URI)
    PDF contains an external URL action
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: http://laschuk.com.br/Payments