Malicious PDF — malware analysis report

Static analysis result for SHA-256 b019c8c44f959704…

Verdict: MALICIOUS
File type: PDF
Size: 46.2 KB
Authoring application: Adobe PDF Library 9.0
MD5: 577bd45f00a8ee75fcae3d6632cc5bad
SHA-1: cb6b6cb5b350d29a528adb499bd6c50822b905a4
SHA-256: b019c8c44f9597043b13fff7b3b9ba8f2d9f188ea127728bb0cab2456cb14bbb
Risk score: 70

Malware Insights

MITRE ATT&CK
  • T1059.001 PowerShell
  • T1566.002 Spearphishing Attachment

The ClamAV heuristic 'Pdf.Phishing.TtraffRobotInstall-7605656-0' strongly indicates a phishing campaign. The presence of multiple embedded URLs, including one that appears to be a job interview-related lure, further supports this. The heuristic 'SE_DOWNLOAD_BUTTON' suggests a direct attempt to trick the user into downloading content. No scripts were extracted, limiting the ability to determine specific payload delivery mechanisms.

Heuristics (4)

  • ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 [severity: critical, id: CLAMAV_DETECTION]
    ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
  • Visual download / call-to-action button lure [severity: low, id: SE_DOWNLOAD_BUTTON]
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.); low-signal unless other findings point to a malicious workflow
  • External URI [severity: info, id: PDF_URI]
    PDF contains an external URL action
  • Embedded URL [severity: info, id: EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://kalaman.net/uploads/1/3/0/3/130323602/5264955.pdf
    • http://edukasi.info/uploads/1/3/0/6/130604529/fee3ba6.pdf
    • http://flourishhealthmd.com/uploads/1/3/0/4/130489128/daxepen-dudedet-melukorilodu-dutaji.pdf
    • http://ourchildrensfund.com/uploads/1/3/0/5/130540065/6947717.pdf
    • http://neokundalini.org/uploads/1/3/0/3/130324137/130324137.html#job+interview+tell+me+about+yourself+answers

Extracted artifacts (2)

Files carved from inside the sample during analysis.

  • Filename: font_00_sfnt_off0000106c.bin
    SHA-256: e63c639e96d08c4e6dc137d444e8671b9190b60b8c392e629f22bbcf992cf83c
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x106C
    Size: 8568 bytes
  • Filename: font_01_sfnt_off00007b5e.bin
    SHA-256: 83459e82cebe561b9e65dda6a09953c9e35f75e5df0fa62a624e1833cc5b8086
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x7B5E
    Size: 1708 bytes