PDF malware analysis — malicious · d3e7077ed57ab1d7

MALICIOUS

PDF

51.3 KB Created: 2020-08-01 11:13:51 Authoring application: Mobipocket Creator First seen: 2026-06-21

MD5: 987e4f70ea155aadc3b9e8287655c73e SHA-1: 3bd354243ea11125efcebcb30f77a4557197abf7 SHA-256: d3e7077ed57ab1d73f17bf7b15cb09c1bd0a54f59ea2c46bf88ff309f0651ab4

94 Risk Score

Machine Learning

Nyx PDF Classifier malicious score 0.5714

Heuristics 3

ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
External URI info PDF_URI

PDF contains an external URL action
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL http://www.ascendercorp.com/ PDF link annotation
- http://www.ascendercorp.com/typedesigners.htmlPDF link annotation
- http://www.w3.org/1999/02/22-rdf-syntax-ns#PDF link annotation
- http://purl.org/dc/elements/1.1/PDF link annotation
- http://ns.adobe.com/pdf/1.3/PDF link annotation
- http://ns.adobe.com/xap/1.0/PDF link annotation
- http://ns.adobe.com/xap/1.0/mm/PDF link annotation
- http://ns.adobe.com/xap/1.0/rights/PDF link annotation
- http://scripts.sil.org/OFLPDF link annotation

Extracted artifacts 2

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`font_00_sfnt_off00008e1f.bin`	pdf-font-stream	PDF embedded font (sfnt) at offset 0x8E1F	5548 bytes
SHA-256: `5e1fde6955627699122e34da30b61b389bb116eac563ea0d082a209f11b193c3`
`font_01_sfnt_off0000a038.bin`	pdf-font-stream	PDF embedded font (sfnt) at offset 0xA038	10304 bytes
SHA-256: `978ee9eac66818e0bdac6b41150e3626681c816f6f328d92b47bbb9ff64960fc`

Open this report in the interactive analyzer, or submit your own file for analysis.