PDF malware analysis — malicious · b3b0ccc028ef893c

MALICIOUS

PDF

36.9 KB Authoring application: Scribus

MD5: f39a98413cdd50e38923e96685cc716c SHA-1: 70510be0cf52d85e9cbae21641570d91daff5a05 SHA-256: b3b0ccc028ef893c6bee2a32e20510fd7a9a96aea2e507f015d7c9565aa345e5

70 Risk Score

Malware Insights

MITRE ATT&CK

T1566.002 Spearphishing Attachment T1204.002 Malicious Link

The file is a PDF document that uses an urgency lure to trick the user into downloading a malicious file. The ClamAV detection indicates it is a phishing-related threat. Multiple embedded URLs point to suspicious PDF files, suggesting a delivery mechanism for further malicious content.

Heuristics 4

ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
Urgency / deadline lure low SE_URGENCY_LURE

Document contains urgency or deadline language ('account will be terminated', 'action required within 24 hours', etc.) — useful context, but low-signal without other findings
External URI info PDF_URI

PDF contains an external URL action
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL http://brownmediadesigns.com/uploads/1/3/0/4/130483256/2044915b411fe9.pdf
- http://coyraid67.com/uploads/1/3/0/6/130621378/zatinu.pdf
- http://whcyoga.com/uploads/1/3/0/4/130476736/voruleziw.pdf
- http://riversidecountyhistory.org/uploads/1/3/0/4/130483939/130483939.html#report+writing+example+for+students+pdf+download

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`font_00_sfnt_off00000fef.bin` `fd7b0d677ffe8b4a4ea896975920dc5b95dbc41154a6128382b8ee69d99a367e`	pdf-font-stream	PDF embedded font (sfnt) at offset 0xFEF	8472 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.