Malicious PDF — malware analysis report

Static analysis result for SHA-256 b07d8bafb52ec739…

MALICIOUS

PDF

Size: 266.5 KB
Authoring application: Smallpdf Desktop
MD5: 0b8c52cb6c2a97280adccc04fb168f9b
SHA-1: 0cd6d3b6f4cad741e6143022dda3f0f8fdad2164
SHA-256: b07d8bafb52ec739ca173d234c66fbf94446a1e7e4b33ecd63b784a01cb3d886
Risk Score: 92

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The file was detected as malicious by ClamAV with the signature Pdf.Phishing.TtraffRobotInstall-7605656-0. The document body contains numerous URLs, suggesting a phishing or social engineering lure to download further malicious content. The ML classifier also flagged this PDF with high confidence. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9723

Heuristics (3)

  • ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://journeywithtornia.info/uploads/1/3/0/7/130776021/2afef280e6f494.pdf
    • http://minhquando.com/uploads/1/3/0/2/130287727/xomim.pdf
    • http://allencabinetshop.com/uploads/1/3/0/5/130539109/b6caa3632c046f8.pdf
    • http://rbmsarl.com/uploads/1/3/0/2/130289721/tepon_biriwagov.pdf
    • http://getleanin21.com/uploads/1/3/0/2/130272452/simufepavutufoxobe.pdf
    • http://bardswine.com/uploads/1/3/0/3/130323255/zizewago.pdf
    • http://fieldsenterprise.net/uploads/1/3/0/7/130740130/6c63d4b5.pdf
    • http://northpointed.com/uploads/1/3/0/6/130621897/tanobuluzosajixi.pdf
    • http://rockymountainmusicfestival.net/uploads/1/3/0/5/130539113/8305837.pdf
    • http://jhrpropertyltd.com/uploads/1/3/0/7/130740444/nonemefitunim-powanekulonew-zipur-pizusokezeva.pdf
    • http://bcdt.co.uk/uploads/1/3/0/5/130551920/6bb264f73e93d.pdf
    • http://hostmaster.intermezzosoloists.com/uploads/1/3/0/4/130476045/906bc17a6df95aa.pdf
    • http://nzbcool.com/uploads/1/3/0/2/130287463/f01552036fe6a.pdf
    • http://webdisk.modernjolie.com/uploads/1/3/0/4/130483756/4366145.pdf
    • http://audirecounselling.com/uploads/1/3/0/9/130969036/xidiru-kozamixap.pdf
    • http://www.sebastian-copeland.fr/uploads/1/3/0/7/130776594/9524780.pdf
    • http://donegraphics.com/uploads/1/3/0/7/130775612/bolikawonunaxoki.pdf
    • http://paulakeogh.net/uploads/1/3/0/6/130621432/6416404.pdf
    • http://scopeclothing.co.nz/uploads/1/3/0/5/130551434/1885485.pdf
    • http://www.idavueestate.net/uploads/1/3/0/5/130590383/kosixoxo-feluw.pdf
    • http://www.virtualbas.net/uploads/1/3/0/2/130291786/130291786.html#exercices+corrig%C3%A9s+sur+les+pointeurs+en+algorithme+pdf

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off00001b1c.bin
SHA-256: fe46a72450625778fdd746b2b36ae94396578c2b53a644bd9740d90ed308e711
Kind: pdf-font-stream
Source: PDF embedded font (sfnt) at offset 0x1B1C
Size: 12120 bytes