Malicious PDF — malware analysis report

Static analysis result for SHA-256 ec9c0e454eb5f00d…

MALICIOUS

PDF

97.8 KB
MD5: d01516fee4e96ca9237880b4bb179b59
SHA-1: c0ed8c777b1691d83ca8d770483d57aaaf42c423
SHA-256: ec9c0e454eb5f00daefa4fa39ae38f0a5ef3dadef92b76f6f9c0f05b7eee0853
62 Risk Score

Malware Insights

MITRE ATT&CK

  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The file is identified as a malicious PDF by ClamAV. A PDF_URI heuristic indicates the presence of an external URL within the document, which is likely used to host malicious content or redirect the user. The embedded URL is http://users.utcluj.ro/~elupu/Curs/upload/Cursuri/Univ.Nord_BM1/Curs_14/c1/1/home/cs/baruch/public_html/media/images/viewtradeorder.html. The document body was not sufficiently readable to determine specific lures.

Machine Learning

  • Nyx PDF Classifier clean score 0.0004

Heuristics 2

  • ClamAV: Pdf.Dropper.Agent-7320568-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7320568-0
  • External URI info PDF_URI
    PDF contains an external URL action