Malicious PDF — malware analysis report

Static analysis result for SHA-256 edccb84de07adb6a…

MALICIOUS

PDF

Size: 38.5 KB
Authoring application: Pdftk
MD5: 4bbc66880c06cbc831982acbbe7aead1
SHA-1: db2b444cfb5332b0473f976edaa7814f6cf54796
SHA-256: edccb84de07adb6a6bd91328de3dbd0d68bf346fb6cc0f44de8884657cea53fa
Risk Score: 62

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The file is a PDF document that contains multiple embedded URLs. The ClamAV heuristic indicates it is a phishing attempt, likely designed to trick users into downloading further malicious content. The embedded URLs are the primary indicators of compromise, suggesting a delivery mechanism for malicious payloads.

Heuristics (3)

  • ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    • http://roka.flowers-sale.ru/uploads/2020/01/28/jazudizasimob-belojidozado.pdf
    • http://narrinspiceandsauce.com/uploads/1/3/0/4/130476248/9dcb024.pdf
    • http://andreanelsonart.com/uploads/1/3/0/2/130271143/fatefob-masuwan-mikoliwokaroro.pdf
    • http://2020blue.org/uploads/1/3/0/6/130621625/130621625.html#black+checkered+vans+platform

Extracted artifacts (2)

Files carved from inside the sample during analysis.

Columns: Filename, SHA-256, Kind, Source, Size

  • Filename: font_00_sfnt_off0000101d.bin
    SHA-256:  821481c8db60ff587a1613142954675410052c2aca5ac38979e9a14163056ad8
    Kind:     pdf-font-stream
    Source:   PDF embedded font (sfnt) at offset 0x101D
    Size:     8560 bytes
  • Filename: font_01_sfnt_off0000491d.bin
    SHA-256:  094359120818baad251b372eb0b1a3904e7059b25e94b8f19687b70a58d39ccd
    Kind:     pdf-font-stream
    Source:   PDF embedded font (sfnt) at offset 0x491D
    Size:     18344 bytes