PDF malware analysis — malicious · d83a7163d5281856

MALICIOUS

PDF

35.3 KB Authoring application: Nitro PDF

MD5: b57515669ecd863ceaf87a654cedd0dc SHA-1: 5fe9ae383352548e5f3bbd1eec8dc074fa60424f SHA-256: d83a7163d5281856f2a29dc2f717802c6d0b4378ef6dfc49468236caf2fa19bf

92 Risk Score

Malware Insights

MITRE ATT&CK

T1566.002 Spearphishing Attachment T1204.002 Malicious File

The file was detected by ClamAV as Pdf.Phishing.TtraffRobotInstall-7605656-0 and a machine learning classifier flagged it with high confidence. The document body contains multiple URLs pointing to PDF files hosted on external domains, suggesting a phishing or malware distribution lure. The presence of these URLs indicates an attempt to redirect the user to malicious content.

Machine Learning

Nyx PDF Classifier malicious score 0.9998

Heuristics 3

ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
External URI info PDF_URI

PDF contains an external URL action
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL http://mosquesjobs.com/uploads/1/3/0/2/130288552/dolim.pdf
- http://miputt.com/uploads/1/3/0/3/130323092/fevoguf.pdf
- http://peacesupportfund.org/uploads/1/3/0/2/130274376/jazupuj.pdf
- http://krafjohor.com/uploads/1/3/0/4/130476462/3596784.pdf
- http://thehnossaproject.com/uploads/1/3/0/6/130621788/130621788.html#angular+material+design+template+github

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`font_00_sfnt_off00000feb.bin` `099ef434821e715ff4412af8a315a49d11f99e058b9e423192f402374558245e`	pdf-font-stream	PDF embedded font (sfnt) at offset 0xFEB	8348 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.