Malicious PDF — malware analysis report

Static analysis result for SHA-256 da14947fc17e0e73…

MALICIOUS

PDF

Size: 47.6 KB
Authoring application: Mobipocket Creator
MD5: bc7f2a0fad281f665c96bfa25375661f
SHA-1: 49aefbd1a786d25c2b38c77bf8e4dd1217ebb793
SHA-256: da14947fc17e0e7379b6fa6839812b410f5baaa809d53c366e036298d630a727
Risk Score: 92

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The PDF contains a lure asking the user to enter a one-time password (OTP) for "verification", a common phishing pretext. The embedded URLs and the ClamAV detection strongly indicate malicious intent, most likely redirection to a phishing page or delivery of further malware. The ML classifier also flagged the PDF with high confidence.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9998

Heuristics (3)

  • ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://krmenterprise.com/uploads/1/3/0/6/130604144/wudadekoliso.pdf
    • http://uclahaubruinwalk.weebly.com/uploads/1/3/0/3/130379069/2cd627.pdf
    • http://kasunixase.osbert11.com/uploads/2020/01/29/dufoz.pdf
    • http://banquinhoeviolao.site/uploads/2020/01/28/xefup.pdf
    • http://marlosonthemove.com/uploads/1/3/0/6/130639511/soxupodigovadotun.pdf
    • http://mychinesewatch.com/uploads/1/3/0/5/130588571/130588571.html#aptitude+questions+pdf+for+interview

Extracted artifacts (3)

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off0000115d.bin
  SHA-256: 13e7cbf389ff29180084a2e1eca52bf74dc14dcdc6b847836271b4a4a45320fd
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0x115D
  Size: 10412 bytes

Filename: font_01_sfnt_off0000698f.bin
  SHA-256: 6778f7173ed28b3096633bba785d4ddf7e1b1c333326289238c525b18215af60
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0x698F
  Size: 16332 bytes

Filename: font_02_sfnt_off00007f11.bin
  SHA-256: 985cbd9ba5b629f1b749d04d852c0eecb5d8ad374186a1044a60da9476420dc6
  Kind: pdf-font-stream
  Source: PDF embedded font (sfnt) at offset 0x7F11
  Size: 2788 bytes
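The two mechanical steps behind the report above, pulling /URI link actions out of the file (the PDF_URI and EMBEDDED_URL heuristics) and carving embedded sfnt font streams by file offset (the extracted-artifacts table), can be reproduced with a small stand-alone script. The following is an added example written for this page, not the scanner's own code and not run against the sample; it builds a constructed minimal PDF in memory with a hypothetical URL (example.invalid) and two fake font streams, one raw and one FlateDecode-compressed, and then extracts the same kind of evidence from it. Object numbers, the URL and the font bytes are all constructed.

```python
import hashlib
import re
import zlib

# Magic numbers that open an sfnt container (TrueType, Apple 'true', OpenType CFF, collection).
SFNT_MAGICS = (b"\x00\x01\x00\x00", b"true", b"OTTO", b"ttcf")
# /URI action with a literal string operand; stops at the first unescaped ')'.
URI_RE = re.compile(rb"/URI\s*\((.*?)(?<!\\)\)", re.S)
# Start of a stream body. The lookbehind keeps 'endstream' from matching.
STREAM_RE = re.compile(rb"(?<!end)stream\r?\n")


def build_sample_pdf() -> bytes:
    """Constructed minimal PDF (NOT the sample from the report): a link
    annotation with a /URI action to a hypothetical URL, one raw sfnt font
    stream and one FlateDecode-compressed sfnt font stream."""
    font = b"\x00\x01\x00\x00" + b"\x00" * 28          # fake sfnt header, constructed
    packed = zlib.compress(font)
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        b"<< /Type /Page /Parent 2 0 R /Annots [4 0 R] >>",
        b"<< /Type /Annot /Subtype /Link /Rect [0 0 10 10] "
        b"/A << /S /URI /URI (http://example.invalid/uploads/lure\\(1\\).pdf) >> >>",
        b"<< /Type /FontDescriptor /FontFile2 6 0 R >>",
        b"<< /Length %d >>\nstream\n" % len(font) + font + b"\nendstream",
        b"<< /Length %d /Filter /FlateDecode >>\nstream\n" % len(packed)
        + packed + b"\nendstream",
    ]
    out = b"%PDF-1.4\n"
    for num, body in enumerate(objs, 1):
        out += b"%d 0 obj\n" % num + body + b"\nendobj\n"
    return out + b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"


def extract_uris(pdf: bytes) -> list:
    """Return the target of every /URI action written as a literal string.
    Hex-string operands (<...>) and URIs hidden in JavaScript are not covered;
    a full triage would also decode those channels."""
    uris = []
    for m in URI_RE.finditer(pdf):
        raw = m.group(1)
        # Undo the PDF literal-string escapes that matter for a URL.
        raw = raw.replace(b"\\(", b"(").replace(b"\\)", b")").replace(b"\\\\", b"\\")
        uris.append(raw.decode("latin-1"))
    return uris


def iter_streams(pdf: bytes):
    """Yield (object_dict, body_offset, raw_body) for every stream object.
    The body length is taken from a direct /Length integer; if /Length is an
    indirect reference, fall back to scanning for 'endstream', which binary
    content can fool."""
    for m in STREAM_RE.finditer(pdf):
        obj_start = pdf.rfind(b" obj", 0, m.start())
        obj_dict = pdf[obj_start:m.start()] if obj_start != -1 else b""
        off = m.end()
        length = re.search(rb"/Length\s+(\d+)(?=\s*[/>])", obj_dict)
        if length:
            end = off + int(length.group(1))
        else:
            end = pdf.find(b"endstream", off)
            if end == -1:
                continue
        yield obj_dict, off, pdf[off:end].rstrip(b"\r\n") if not length else pdf[off:end]


def carve_fonts(pdf: bytes) -> list:
    """Return (file_offset, decoded_size, sha256) for each stream whose decoded
    body opens with an sfnt magic, i.e. the rows of the extracted-artifacts table."""
    found = []
    for obj_dict, off, body in iter_streams(pdf):
        if b"/FlateDecode" in obj_dict:
            try:
                body = zlib.decompress(body)
            except zlib.error:
                continue    # truncated or bogus filter: skip here, but worth a manual look
        if body[:4] in SFNT_MAGICS:
            found.append((off, len(body), hashlib.sha256(body).hexdigest()))
    return found


if __name__ == "__main__":
    sample = build_sample_pdf()
    for uri in extract_uris(sample):
        print("URI:", uri)
    for off, size, digest in carve_fonts(sample):
        print("font stream at offset 0x%X, %d bytes, sha256 %s" % (off, size, digest))
```

The offset reported is where the stream body begins in the file, which is what the `off0000115d`-style filenames in the table encode; hashing the decoded body rather than the raw stream is what lets the same font be matched across samples that differ only in compression.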