Malicious PDF — malware analysis report

Static analysis result for SHA-256 cea23e22af997f40…

MALICIOUS

PDF

Size: 31.1 KB
Authoring application: PDFedit
MD5: 180970f333c75d061c729578b50b01d8
SHA-1: beedc39a648c3855c7153337bb534f72c62e1337
SHA-256: cea23e22af997f40afe510b49bd03aeb436be5faa4ee83abb0377edea639a0b7
Risk Score: 92

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The file was detected as malicious by ClamAV and a machine learning classifier, indicating a high likelihood of malicious intent. The presence of multiple embedded URLs suggests a phishing or social engineering attack, aiming to trick the user into downloading further malicious content. The document body contains obfuscated text and references to the URLs, reinforcing the lure.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9997

Heuristics (3)

  • ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
  • External URI (info, PDF_URI)
    The PDF contains an external URL action.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://mytrippytreatzllc.com/uploads/1/3/0/3/130379356/7188279.pdf
    • http://bulewabij.penostroy.com/uploads/2020/01/28/d4d61f.pdf
    • http://christusvictorlutheranchurch.org/uploads/1/3/0/2/130271148/9409677.pdf
    • http://optiki.bg/uploads/1/3/0/6/130621191/65613bf2ace.pdf
    • http://rehphotography.org/uploads/1/3/0/4/130483167/130483167.html#relative+clauses+exercises+pdf+4+eso

Extracted artifacts (1)

Files carved from inside the sample during analysis.

  • Filename: font_00_sfnt_off00001042.bin
    SHA-256: ff0f8a0f13be0759fbbdff8481755687725c4e61af395c213a1dd704991270f8
    Kind: pdf-font-stream
    Source: PDF embedded font (sfnt) at offset 0x1042
    Size: 8620 bytes