Malicious PDF — malware analysis report

Static analysis result for SHA-256 cda8383f3478ff6c…

Verdict: MALICIOUS
File type: PDF
Size: 86.7 KB
Authoring application: pstoedit
MD5: 8429ad83d78b939d2085510d291a608c
SHA-1: 8c1cda28c7474d6108599ef26389f2dd4be582c1
SHA-256: cda8383f3478ff6c83976b4d843c13cb9cedf3c81cec9934d7d32612d9da1fcb
Risk Score: 120

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file was flagged by ClamAV as 'Pdf.Phishing.TtraffRobotInstall-7605656-0'. Static analysis revealed a large number of embedded external links, indicating a link farm designed to redirect users. The document body contains fragmented text related to 'Bangladeshi movie picture' and URLs, further supporting the phishing or redirection lure.

Heuristics (3)

  • Small PDF contains mass external PDF link farm [critical] (PDF_SEO_LINK_FARM)
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 [critical] (CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
  • Embedded URL [info] (EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted artifacts (3)

Files carved from inside the sample during analysis.

Filename / Kind / Source / Size / SHA-256

font_00_sfnt_off00001282.bin
  Kind:    pdf-font-stream
  Source:  PDF embedded font (sfnt) at offset 0x1282
  Size:    9528 bytes
  SHA-256: 95cbb08698731b5b1d1bd89cfa22862b78951a10d840a1e0eed47e2a63a59e1b

font_01_sfnt_off0000618f.bin
  Kind:    pdf-font-stream
  Source:  PDF embedded font (sfnt) at offset 0x618F
  Size:    1388 bytes
  SHA-256: 1723f1ced37cc89d69e30f3df6281c5e5fb8989544fd4587aa75b00c91af2fd0

font_02_sfnt_off00006ab8.bin
  Kind:    pdf-font-stream
  Source:  PDF embedded font (sfnt) at offset 0x6AB8
  Size:    14436 bytes
  SHA-256: 1069894f273b81ae7df6d326d9f24495dee531cd6cdf893b951f2c47ecc3c72d