Malicious PDF — malware analysis report

Static analysis result for SHA-256 9b08486148c72d32…

MALICIOUS

PDF

Size: 188.9 KB
Created: 2015-09-01 08:31:13
Authoring application: convertonlinefree.com
MD5: 648e7cbb1b952bd78acfe02c1f680853
SHA-1: ca04a9429653049c7ce54bd3184478a6851fbb9f
SHA-256: 9b08486148c72d32b32b6924405c5260ca93f85977942a7b5d670f10a5dad902
Risk Score: 68

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The critical ClamAV heuristic 'Pdf.Dropper.Agent-7286042-0' indicates this PDF is a known dropper. The SE_INVOICE_LURE heuristic suggests the document's content is designed to deceive the user into taking an action, such as clicking a link or opening an attachment, which would lead to the execution of a malicious payload. No scripts were extracted from this sample.

Heuristics (2)

  • ClamAV: Pdf.Dropper.Agent-7286042-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7286042-0
  • Fake invoice / payment lure low SE_INVOICE_LURE
    Document contains invoice or payment language paired with an action verb — useful context when combined with link, macro, or attachment indicators

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: stream_003_off000158a2.bin
          4d934f64ec9996098d18fb48bc53783999e035c4f43a0b3c6aa586d5704d65ba
Kind: decompressed-pdf-stream
Source: PDF FlateDecoded stream at offset 0x158A2
Size: 218748 bytes