PDF malware analysis — malicious · dbd74487c59ed2ad

MALICIOUS

PDF

32.5 KB Authoring application: LibreOffice

MD5: 455dd067d8bd15bcbd20bc28979d1462 SHA-1: 9f53946ced4d0d18fb44b099fc0715db698e0b4d SHA-256: dbd74487c59ed2ad196fabb021288788c369a552edc134d3dee804fdbced8680

62 Risk Score

Malware Insights

MITRE ATT&CK

T1566.002 Spearphishing Attachment T1204.002 Malicious File

The file is a PDF document that contains multiple embedded URLs, all pointing to other PDF files. The ClamAV heuristic 'Pdf.Phishing.TtraffRobotInstall-7605656-0' strongly suggests a phishing or malicious intent. The document body, though partially corrupted, mentions 'Cisco certification roadmap 2017 pdf', indicating a lure to download further malicious content.

Heuristics 3

ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
External URI info PDF_URI

PDF contains an external URL action
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL http://nothingtotriflewith.com/uploads/1/3/0/6/130604311/fanufiwujaxe.pdf
- http://nexusit.net/uploads/1/3/0/7/130775033/9c60b56b.pdf
- http://dpartphoto.com/uploads/1/3/0/6/130604145/10b65b3b1dfdf9.pdf
- http://zachchasman.com/uploads/1/3/0/5/130551925/3485174.pdf
- http://modernpavingsystems.com/uploads/1/3/0/6/130621201/7720643.pdf
- http://5pointauto.com/uploads/1/3/0/5/130588675/130588675.html#cisco+certification+roadmap+2017+pdf

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`font_00_sfnt_off00001084.bin` `371c1d6c6999618cb86ba86b80d7ed089610fe88ff0e055731671d08e1c82318`	pdf-font-stream	PDF embedded font (sfnt) at offset 0x1084	8604 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.