Malicious PDF — malware analysis report

Static analysis result for SHA-256 e17d2e88fcd53264…

Verdict: MALICIOUS
File type: PDF
Size: 51.3 KB
Authoring application: Karbon
MD5:     08e01e76c4377aaaf9f38eb6ff17a9f8
SHA-1:   7d756497e89ad7a4b62a7f67de50ad3c01996e46
SHA-256: e17d2e88fcd53264715e3b7646bfeea295721ebd1f03c1364028d85b3a85e68b
Risk score: 92

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell
(Note: none of the heuristics or extracted artifacts listed in this report, which are limited to URL actions and embedded font streams, directly evidence PowerShell execution; treat this technique tag as uncorroborated by the static findings below.)

The file is a PDF document that contains multiple embedded URLs. The ClamAV signature 'Pdf.Phishing.TtraffRobotInstall-7605656-0' and the Nyx PDF classifier (malicious score 0.9865) both indicate malicious intent. The document body references these URLs directly, and the presence of an external /URI action suggests a phishing or redirection lure intended to pull further malicious content from the linked hosts.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9865

Heuristics (3)

  • ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (critical, CLAMAV_DETECTION)
    ClamAV detected this file as malware under this signature name.
  • External URI (info, PDF_URI)
    PDF contains an external URL action.
  • Embedded URL (info, EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://myprimeday.com/uploads/1/3/0/6/130639321/monapaleta_vivolituwomogov_nuzalepigovux.pdf
    • http://mesabimusicaltheatre.com/uploads/1/3/0/4/130436162/kimojoxu.pdf
    • http://tampa321sold.com/uploads/1/3/0/2/130288439/powasejolotinar_dodizan.pdf
    • http://drpatty.net/uploads/1/3/0/7/130775191/130775191.html#shinchan+video+song+tamil

Extracted artifacts (5)

Files carved from inside the sample during analysis.

Filename / SHA-256 / Kind / Source / Size

font_00_sfnt_off00001262.bin
    SHA-256: f49448dea6fdf9eaea460e3b8ddcd38a18a3550812848d657ac0050a56d19cf9
    Kind:    pdf-font-stream
    Source:  PDF embedded font (sfnt) at offset 0x1262
    Size:    9912 bytes

font_01_sfnt_off000048d4.bin
    SHA-256: ac49849b978058f48725d089179747450f7987fdfd4cddbc63fac11af8b99083
    Kind:    pdf-font-stream
    Source:  PDF embedded font (sfnt) at offset 0x48D4
    Size:    16384 bytes

font_02_sfnt_off00005e3d.bin
    SHA-256: 88e5a85a61927209394bb3000870f0d643291fb66938935e676b20917d7fdd33
    Kind:    pdf-font-stream
    Source:  PDF embedded font (sfnt) at offset 0x5E3D
    Size:    1728 bytes

font_03_sfnt_off00006651.bin
    SHA-256: c5aa33a46d4430e87d1edd20d9f0f04f1154f4803b927b451b8dabf4aff01235
    Kind:    pdf-font-stream
    Source:  PDF embedded font (sfnt) at offset 0x6651
    Size:    5536 bytes

font_04_sfnt_off0000782f.bin
    SHA-256: f95ef5ba9a5f75fdca4933e93b61c5a83661dea06611f3d359316107115ebf16
    Kind:    pdf-font-stream
    Source:  PDF embedded font (sfnt) at offset 0x782F
    Size:    11788 bytes
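The two static checks this report relies on, the PDF_URI / EMBEDDED_URL heuristics and the carving of sfnt font streams with their file offset, size and SHA-256, can be reproduced with byte-level parsing and no PDF library. The script below is an added example and is not the analysis platform's own code. It builds a small constructed PDF inline (one /Link annotation pointing at a hypothetical example.invalid URL, one TrueType-tagged font stream, one Flate-compressed content stream that is deliberately not a font) and runs both extractions over it; names such as SAMPLE_PDF, FONT_BYTES and the output field names are this example's own.

```python
"""Added example: extract /URI link targets and embedded sfnt font streams
from a PDF by scanning its raw bytes. Not the report's own tooling."""
import hashlib
import re
import zlib

# PDF literal strings may contain escaped parentheses, hence (?:\\.|[^\\)])*.
URI_RE = re.compile(rb"/URI\s*\((?P<s>(?:\\.|[^\\)])*)\)", re.DOTALL)
# A stream object: "N G obj << dict >> stream\n". The dictionary is tempered so
# a lazy match cannot run past an "endobj" into the next object's dictionary.
STREAM_OBJ_RE = re.compile(
    rb"(?P<num>\d+)\s+(?P<gen>\d+)\s+obj\s*(?P<dict><<(?:(?!endobj).)*?>>)\s*stream\r?\n",
    re.DOTALL,
)
# Direct /Length only; an indirect "/Length 7 0 R" is ignored (fallback below).
LENGTH_RE = re.compile(rb"/Length\s+(?P<n>\d+)(?!\s+\d+\s+R)")
# sfnt container tags: TrueType (0x00010000), OpenType/CFF, Apple TrueType, collection.
SFNT_TAGS = (b"\x00\x01\x00\x00", b"OTTO", b"true", b"ttcf")


def _unescape(s: bytes) -> bytes:
    """Undo the literal-string escapes that matter for URLs."""
    return s.replace(b"\\(", b"(").replace(b"\\)", b")").replace(b"\\\\", b"\\")


def extract_uris(pdf: bytes) -> list:
    """Every literal-string /URI target in file order. Hex-string (<...>)
    URIs and URLs reachable only via object streams are out of scope here."""
    return [_unescape(m.group("s")).decode("latin-1") for m in URI_RE.finditer(pdf)]


def extract_font_streams(pdf: bytes) -> list:
    """One record per stream whose (decoded) data starts with an sfnt tag,
    named the way the report's carves are: font_NN_sfnt_offXXXXXXXX.bin."""
    found = []
    for m in STREAM_OBJ_RE.finditer(pdf):
        start = m.end()                       # first byte of stream data
        lm = LENGTH_RE.search(m.group("dict"))
        if lm:
            raw = pdf[start:start + int(lm.group("n"))]
        else:                                 # no direct /Length: trust the keyword
            end = pdf.find(b"endstream", start)
            raw = pdf[start:end if end >= 0 else len(pdf)].rstrip(b"\r\n")
        data = raw
        if b"/FlateDecode" in m.group("dict"):
            try:
                data = zlib.decompress(raw)
            except zlib.error:
                continue                      # truncated/corrupt: skip, don't misclassify
        if not data.startswith(SFNT_TAGS):
            continue
        found.append({
            "name": "font_%02d_sfnt_off%08x.bin" % (len(found), start),
            "offset": start,
            "size": len(data),
            "sha256": hashlib.sha256(data).hexdigest(),
        })
    return found


# Constructed sample (not the analysed file). FONT_BYTES is a hypothetical
# 64-byte blob carrying only the TrueType sfnt version tag.
FONT_BYTES = b"\x00\x01\x00\x00\x00\x04" + b"\x00" * 58
OTHER_BYTES = zlib.compress(b"BT /F1 12 Tf (hello) Tj ET")


def _obj(num: int, body: bytes) -> bytes:
    return b"%d 0 obj\n" % num + body + b"\nendobj\n"


def _stream_obj(num: int, extra: bytes, data: bytes) -> bytes:
    head = b"<< /Length %d %s>>\nstream\n" % (len(data), extra)
    return _obj(num, head + data + b"\nendstream")


SAMPLE_PDF = (
    b"%PDF-1.4\n"
    + _obj(1, b"<< /Type /Catalog /Pages 2 0 R >>")
    + _obj(2, b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>")
    + _obj(3, b"<< /Type /Page /Parent 2 0 R /Annots [4 0 R] /Contents 6 0 R >>")
    + _obj(4, b"<< /Type /Annot /Subtype /Link /A << /S /URI "
              b"/URI (http://example.invalid/uploads/1/3/0/6/lure\\(1\\).pdf) >> >>")
    + _stream_obj(5, b"/Length1 64 ", FONT_BYTES)
    + _stream_obj(6, b"/Filter /FlateDecode ", OTHER_BYTES)
    + b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"
)

if __name__ == "__main__":
    for u in extract_uris(SAMPLE_PDF):
        print("URI", u)
    for f in extract_font_streams(SAMPLE_PDF):
        print(f["name"], f["size"], "bytes", f["sha256"])
```

Two practical caveats: this scanner only sees what is in plain view, so URLs or font streams packed inside an object stream (/Type /ObjStm) need that stream inflated first, and the offsets it reports are stream-data offsets, which is why a carve name like font_00_sfnt_off00001262.bin can be tied back to an exact byte position in the sample.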