Malicious PDF — malware analysis report

Static analysis result for SHA-256 93aa947072983f05…

MALICIOUS

PDF

Size: 369.3 KB
Authoring application: pdf-parser
MD5: 8376102c4c9d6544eaa899fc8ddc438e
SHA-1: 7f93879f780fdad27fa5e950253f7d212641f4ca
SHA-256: 93aa947072983f058f1b8652b246cd12592084da7bcd8ec2188d25bd15c22da3
Risk Score: 62

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The file is a PDF that contains multiple embedded URLs, several of which are flagged as unknown reputation. The ClamAV heuristic specifically identifies it as 'Pdf.Phishing.TtraffRobotInstall', indicating a phishing attempt. The document body, though partially corrupted, contains references to 'Aimsun manual pdf' and includes suspicious URLs, suggesting a lure to download further malicious content.

Heuristics (3)

  • ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts (3)

Files carved from inside the sample during analysis.

Filename / SHA-256 / Kind / Source / Size

  • font_00_sfnt_off000016da.bin
    SHA-256: 592645a17fd030cd338a7a475892787ff4f2b9e5430dc165529b62d52ab19624
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x16DA
    Size: 10208 bytes
  • font_01_sfnt_off0000bde0.bin
    SHA-256: 74ce6fbac0535695d0896bc01d51d0909e137f0d577c5f20b90477c0ff6d3efa
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0xBDE0
    Size: 3168 bytes
  • font_02_sfnt_off0001dc54.bin
    SHA-256: a744be5a89fdf67af00b3e141ef5066af7ff3529693423a447b9909203620176
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x1DC54
    Size: 3168 bytes