Malicious PDF — malware analysis report

Static analysis result for SHA-256 a0f350126faea9cd…

MALICIOUS

PDF

Size: 60.4 KB
Created: 2016-03-13 16:49:14
Authoring application: convertonlinefree.com
MD5: dde503b85f98626eae79e6804be2f495
SHA-1: 0512ccb8e4e95271ca24e2585af420e8f8af30c0
SHA-256: a0f350126faea9cddb6554d3580629def4c03128a1befe3a72a7414e1921492a
Risk Score: 62

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The file is identified as a malicious PDF by ClamAV. It contains an embedded URL, http://greatintercompanyltd.ga/DH/, which is likely used to deliver a secondary payload. The PDF structure and the presence of an external URI suggest a common dropper or downloader pattern.

Machine Learning

  • Nyx PDF Classifier clean score 0.0573

Heuristics (3)

  • ClamAV: Pdf.Dropper.Agent-7288242-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7288242-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://greatintercompanyltd.ga/DH/