Malicious PDF — malware analysis report

Static analysis result for SHA-256 a2d1034c6954b591…

Verdict: MALICIOUS

File type: PDF

Size: 751.0 KB
Created: 2018-08-14 00:37:17 +01:00
Authoring application: Microsoft® Word 2010
MD5: 9f7101a889bf06ac656e78de0a813951
SHA-1: b832347f8d80cf24419e9539c6a24f8b476924da
SHA-256: a2d1034c6954b59154e0868d57a57d2b9698433bd3553782ba5bed3f45358ac9
Risk Score: 60

Malware Insights

MITRE ATT&CK
  • T1059.001 Command and Scripting Interpreter: PowerShell
  • T1204.002 User Execution: Malicious File

The PDF document contains a clickable link that resolves directly to a JAR (Java archive) payload, http://pay12.byethost32.com/Order.jar. A JAR runs as code on any host with a Java runtime, so a document link that points straight at one is a delivery mechanism that relies on the user downloading and opening the file (T1204.002) rather than on a parser exploit inside the PDF itself. The critical-severity heuristic PDF_DIRECT_PAYLOAD_LINK captures exactly this pattern, and the embedded URL is the primary indicator to block, hunt for, and pivot on.

Machine Learning

  • Nyx PDF Classifier clean score 0.0375

Heuristics (2)

  • PDF link points directly to executable/archive payload critical PDF_DIRECT_PAYLOAD_LINK
    PDF contains a clickable HTTP(S) URI whose path ends in an executable, script, shortcut, disk image, or archive extension. Documents can legitimately link to installers, so this is a high-risk delivery indicator rather than a standalone exploit fingerprint.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://pay12.byethost32.com/Order.jar
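The PDF_DIRECT_PAYLOAD_LINK check described above can be reproduced with a small scanner that pulls /URI actions out of link annotations and flags those whose URL path ends in a payload extension. The code below is an added example written for this report, not the analysis platform's own implementation; the extension list is a representative assumption rather than the vendor's list, and the sample PDF is constructed inline (one link in plain object syntax, one hidden inside a FlateDecode stream) so the scanner runs offline. The Order.jar URL is the one extracted from the document.

```python
import re
import zlib
from typing import Iterator, List, Dict
from urllib.parse import urlparse

# Assumption: a representative set of extensions the heuristic treats as a
# direct payload (executables, scripts, shortcuts, disk images, archives).
PAYLOAD_EXTENSIONS = {
    ".exe", ".msi", ".scr", ".com", ".jar", ".dll",                 # executables
    ".js", ".jse", ".vbs", ".vbe", ".ps1", ".bat", ".cmd", ".hta",  # scripts
    ".lnk", ".url",                                                 # shortcuts
    ".iso", ".img", ".vhd", ".vhdx",                                # disk images
    ".zip", ".rar", ".7z", ".gz", ".tar", ".cab", ".ace",           # archives
}

# /URI followed by a literal string (...) or a hex string <...>.
_URI_LITERAL = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")
_URI_HEX = re.compile(rb"/URI\s*<([0-9A-Fa-f\s]*)>")
# Stream bodies; compressed object streams hide annotation dictionaries
# from a naive grep, so each body is decompressed and scanned too.
_STREAM = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)


def _unescape(raw: bytes) -> bytes:
    """Resolve the PDF literal-string escapes that matter for URLs."""
    out = bytearray()
    i = 0
    table = {ord("("): 0x28, ord(")"): 0x29, ord("\\"): 0x5C, ord("n"): 0x0A, ord("r"): 0x0D}
    while i < len(raw):
        if raw[i] == 0x5C and i + 1 < len(raw):   # backslash escape
            out.append(table.get(raw[i + 1], raw[i + 1]))
            i += 2
        else:
            out.append(raw[i])
            i += 1
    return bytes(out)


def _buffers(pdf: bytes) -> Iterator[bytes]:
    """Yield the raw file, then every stream body that inflates cleanly."""
    yield pdf
    for m in _STREAM.finditer(pdf):
        try:
            yield zlib.decompress(m.group(1))
        except zlib.error:
            continue  # not Flate-encoded, or not a stream we can inflate


def extract_uris(pdf: bytes) -> List[str]:
    """Return every /URI target found in the PDF, in order of discovery."""
    found: List[str] = []
    for buf in _buffers(pdf):
        for m in _URI_LITERAL.finditer(buf):
            found.append(_unescape(m.group(1)).decode("latin-1"))
        for m in _URI_HEX.finditer(buf):
            hexdata = re.sub(rb"\s", b"", m.group(1)).decode()
            hexdata += "0" * (len(hexdata) % 2)  # PDF pads odd hex strings
            found.append(bytes.fromhex(hexdata).decode("latin-1"))
    seen = set()
    return [u for u in found if not (u in seen or seen.add(u))]


def is_direct_payload_link(uri: str) -> bool:
    """PDF_DIRECT_PAYLOAD_LINK: HTTP(S) URI whose path ends in a payload extension."""
    p = urlparse(uri)
    if p.scheme.lower() not in ("http", "https"):
        return False
    path = p.path.lower()
    return any(path.endswith(ext) for ext in PAYLOAD_EXTENSIONS)


def scan(pdf: bytes) -> List[Dict[str, object]]:
    """Per-URL labels, matching the report's EMBEDDED_URL / payload-link split."""
    return [{"url": u, "direct_payload": is_direct_payload_link(u)} for u in extract_uris(pdf)]


def build_sample_pdf() -> bytes:
    """Constructed minimal PDF for the example (not the analysed sample)."""
    hidden = (b"<< /Type /Annot /Subtype /Link /Rect [0 0 10 10] "
              b"/A << /S /URI /URI (https://example.org/docs/readme.html) >> >>")
    comp = zlib.compress(hidden)
    return (b"%PDF-1.7\n"
            b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
            b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
            b"3 0 obj << /Type /Page /Parent 2 0 R /Annots [4 0 R] >> endobj\n"
            b"4 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 100 20] "
            b"/A << /S /URI /URI (http://pay12.byethost32.com/Order.jar) >> >> endobj\n"
            b"5 0 obj << /Type /ObjStm /Filter /FlateDecode /Length "
            + str(len(comp)).encode() + b" >>\nstream\n" + comp + b"\nendstream\nendobj\n"
            b"trailer << /Root 1 0 R >>\n%%EOF\n")


if __name__ == "__main__":
    for hit in scan(build_sample_pdf()):
        label = "PDF_DIRECT_PAYLOAD_LINK" if hit["direct_payload"] else "EMBEDDED_URL"
        print(f"{label:24} {hit['url']}")
```

Two limits worth knowing when triaging with this: the check is on the URL path only, so `http://host/doc.pdf?file=evil.exe` is not flagged and a redirector that serves a JAR from an extension-less path is missed, which is why the report treats the hit as a delivery indicator and still lists every URL separately. A full parser that walks the xref table and object streams is the right tool for anything beyond quick triage; this grep-plus-inflate approach is what a sandbox's first-pass extractor typically does.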