PDF malware analysis — malicious · bc415d1f0c8d8af1

MALICIOUS

PDF

94.4 KB Created: 2015-03-05 17:03:02 +02:00 Authoring application: Microsoft® Word 2013

MD5: 0323382619193827959ee85631f6043d SHA-1: f64e86177b5b5f8db8a78c346e2a165423b4a427 SHA-256: bc415d1f0c8d8af1b02008f03788de7e073650893eec01296c537346b42f7244

60 Risk Score

Malware Insights

MITRE ATT&CK

T1204.002 Malicious File

The PDF document contains a direct link to a Windows executable file, identified by the heuristic PDF_DIRECT_PAYLOAD_LINK. The embedded URL, http://www.tradingdirects.co.uk/Shipping2015.exe, is presented as a shipping notification, aiming to lure the user into downloading and running the malicious payload. No scripts were extracted from this sample.

Machine Learning

Nyx PDF Classifier clean score 0.1327

Heuristics 2

PDF link points directly to executable/archive payload critical PDF_DIRECT_PAYLOAD_LINK

PDF contains a clickable HTTP(S) URI whose path ends in an executable, script, shortcut, disk image, or archive extension. Documents can legitimately link to installers, so this is a high-risk delivery indicator rather than a standalone exploit fingerprint.
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL http://www.tradingdirects.co.uk/Shipping2015.exe

Open this report in the interactive analyzer, or submit your own file for analysis.