MALICIOUS
60
Risk Score
Malware Insights
MITRE ATT&CK
T1204.002 Malicious File
The PDF contains a direct link to a ZIP archive, identified by the PDF_DIRECT_PAYLOAD_LINK heuristic. This indicates a clear attempt to deliver a malicious payload. The embedded URL is the primary indicator of compromise. No scripts were extracted, limiting further analysis of the payload's behavior.
Machine Learning
- Nyx PDF Classifier clean score 0.0788
Heuristics 2
-
PDF link points directly to executable/archive payload critical PDF_DIRECT_PAYLOAD_LINKPDF contains a clickable HTTP(S) URI whose path ends in an executable, script, shortcut, disk image, or archive extension. Documents can legitimately link to installers, so this is a high-risk delivery indicator rather than a standalone exploit fingerprint.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://edificiaconcept.ro/gnome2/64518152c92aa.zip
Extracted artifacts 4
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_cff_off000006f2.bin321e7c1033e1f2d21a39e55764be64c5b600a25ef08997d0815b6c94fe4f25cf |
pdf-font-stream | PDF embedded font (cff) at offset 0x6F2 | 2587 bytes |
font_01_cff_off00002c1c.binedb617c123f49533789229e253b0ed4b762c942ee8b361ae2a51c5de64c039f5 |
pdf-font-stream | PDF embedded font (cff) at offset 0x2C1C | 539 bytes |
font_02_cff_off0000494b.binad94c8d0782a8d4ff4712e2208c4cd4a24e4055c5ba482e5ef060cdc240d7d50 |
pdf-font-stream | PDF embedded font (cff) at offset 0x494B | 3497 bytes |
font_03_cff_off00007205.bin7aba96ca5b702ebea26fcfaab297fed56fcab65245720eb40758c8ee684af466 |
pdf-font-stream | PDF embedded font (cff) at offset 0x7205 | 633 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.