PDF malware analysis — malicious · c2bb9c13f59643e7

MALICIOUS

PDF

133.6 KB Created: 2016-02-12 13:10:50 +01:00 Authoring application: Microsoft® Word 2016

MD5: d343cb102fba531412f137724af8ab0b SHA-1: 12dab2ac06666ef47a6c1be2a1e07fd0e327015f SHA-256: c2bb9c13f59643e709db8656dd85b82aeed87f02299ffcefa3e4be4779c9983b

90 Risk Score

Malware Insights

MITRE ATT&CK

T1566.002 Spearphishing Attachment T1204.002 User Execution: Malicious Link

The PDF was identified as an image-only lure, a common phishing technique. It contains a single embedded URL that points to a URL shortener, increasing the likelihood of malicious intent by obscuring the final destination. The ML classifier also flagged this PDF as malicious.

Machine Learning

Nyx PDF Classifier malicious score 0.6611

Heuristics 3

Image-only PDF lure links through URL shortener high PDF_IMAGE_LURE_SHORTENER_LINK

PDF is image-heavy with little real text and its clickable action points to a URL shortener. This is a high-confidence credential-phishing carrier shape: the visible page is a screenshot-like prompt while the destination is hidden behind redirect infrastructure.
Image-only document with action trigger (screenshot lure) medium PDF_IMAGE_LURE

PDF has 2 image(s), only 0 text block(s), carries a click-outward action, and is only 133 KB — typical shape of a phishing lure where a full-page screenshot hides a clickable button that launches or submits to an attacker URL.
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL http://bit.ly/1o5TB6t

Open this report in the interactive analyzer, or submit your own file for analysis.