PDF malware analysis — malicious · ba702af225ba344c

MALICIOUS

PDF

284.5 KB Created: 2011-04-06 16:40:49 Authoring application: Joomla! 1.5 - Open Source Content Management (via TCPDF 2.5.000_PHP4 (http://www.tcpdf.org))

MD5: 171919238c7e5ff7a66c9025afdd0d56 SHA-1: 6aeb94e24955f3c32ef98fc9dfa04cdde2331af3 SHA-256: ba702af225ba344cc9a377e92daf487741c7619ba0b34d97392f70721a2f6903

60 Risk Score

Malware Insights

MITRE ATT&CK

T1566.002 Spearphishing Attachment T1059.001 PowerShell

The file is a PDF document identified by ClamAV as Pdf.Dropper.Agent-7597664-0. It contains an embedded URL that is marked as unknown reputation, suggesting a potential malicious destination. The PDF structure and embedded content indicate a delivery mechanism for further malicious activity.

Machine Learning

Nyx PDF Classifier clean score 0.2455

Heuristics 2

ClamAV: Pdf.Dropper.Agent-7597664-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Dropper.Agent-7597664-0
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL http://gdhdfhedrhdfh.co.cc/QQkFBg0AAQ0MBA0DEkcJBQYNAQIEAgEMBQ==
- http://ns.adobe.com/xap/1.0/
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/sType/ResourceRef#
- http://ns.adobe.com/photoshop/1.0/
- http://ns.adobe.com/tiff/1.0/
- http://ns.adobe.com/exif/1.0/
- http://www.iec.ch

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`stream_004_off0000c533.bin` `a5337ef1f5a0dfe4dc8fa6b4f3ef847a53624800b5928a0eeef5b888ceecaabc`	decompressed-pdf-stream	PDF FlateDecoded stream at offset 0xC533	264072 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.