Malicious PDF — malware analysis report

Static analysis result for SHA-256 e3b7c12a3b303fe1…

Verdict: MALICIOUS
File type: PDF
Size: 37.2 KB
Authoring application: PDF Studio
MD5: b6eaaa1304ffc0447ea65f8a5d9c5564
SHA-1: 4055ceeaab767d6f61d6eb04540b5ad825c4064e
SHA-256: e3b7c12a3b303fe12d429b807f82da537a6d927acc22d7e72419fb07687ddcfd
Risk Score: 70

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The file is a PDF document that contains embedded URLs and a visual call-to-action, strongly suggesting a phishing or social engineering attack. The ClamAV heuristic specifically identifies it as 'Pdf.Phishing.TtraffRobotInstall-7605656-0', indicating a phishing intent. The document body text, though truncated, includes phrases like 'Instant notes in genetics pdf download' and 'Click Instant notes in genetics pdf download', reinforcing the lure. The primary malicious URLs are http://bellevistaassistedliving.com/uploads/1/3/0/7/130738512/271072.pdf and http://align432yoga.com/uploads/1/3/0/4/130488839/mozerozuga-givamexoke-migura-wanosojurujot.pdf, which are likely hosting further malicious content.

Heuristics (4)

  • ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
  • Visual download / call-to-action button lure (severity: low, rule: SE_DOWNLOAD_BUTTON)
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI (severity: info, rule: PDF_URI)
    PDF contains an external URL action
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    Extracted URLs:
    • http://bellevistaassistedliving.com/uploads/1/3/0/7/130738512/271072.pdf
    • http://align432yoga.com/uploads/1/3/0/4/130488839/mozerozuga-givamexoke-migura-wanosojurujot.pdf
    • https://febizusefuvat.weebly.com/uploads/1/3/0/2/130287269/radameb_wunenofabike_zodataf_vosug.pdf
    • http://alisonlawrence.com/uploads/1/3/0/5/130588567/130588567.html#instant+notes+in+genetics+pdf+download

Extracted artifacts (1)

Files carved from inside the sample during analysis.

Filename: font_00_sfnt_off00001035.bin
SHA-256:  0c0273411cafc311212535e3200379d2f994746a94a4d5c9ed16102fc1edd59a
Kind:     pdf-font-stream
Source:   PDF embedded font (sfnt) at offset 0x1035
Size:     8148 bytes