PDF malware analysis — malicious · ef1a32a78be3f07f

MALICIOUS

PDF

36.5 KB Authoring application: LibreOffice Draw

MD5: 4f55288e5581c27810eb157df96c8869 SHA-1: 1e6389ba5dc63cae012af8c81bc44dddfa509b20 SHA-256: ef1a32a78be3f07f5b52fbe5f696499fde41531ef2f74740d52de17881c74537

62 Risk Score

Malware Insights

MITRE ATT&CK

T1566.002 Spearphishing Attachment T1059.001 PowerShell

The ClamAV heuristic 'Pdf.Phishing.TtraffRobotInstall-7605656-0' indicates a phishing attempt delivered via a PDF. The embedded URIs point to external PDF files, suggesting a lure to download further malicious content. The document body contains garbled text, but the presence of multiple external URIs strongly suggests a phishing or social engineering attack.

Heuristics 3

ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
External URI info PDF_URI

PDF contains an external URL action
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL http://quarkstein.net/uploads/1/3/0/7/130776492/vuwagujozob-muxigakipur.pdf
- http://thejuiceunion.com/uploads/1/3/0/2/130288864/522653.pdf
- http://mklmok.com/uploads/1/3/0/4/130489128/7beaf40f17e29.pdf
- http://zeluza.limpopo39.ru/uploads/2020/01/28/wibebudigar.pdf
- http://keeley-smith.com/uploads/1/3/0/5/130550846/3394799.pdf
- http://multistreams.com/uploads/1/3/0/7/130775053/130775053.html#how+csma%2Fcd+works+in+ethernet

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`font_00_sfnt_off00001068.bin` `d8048bb9531e4029d1f524badd59d1a89e1a5ada84d27bf644c74480c259de75`	pdf-font-stream	PDF embedded font (sfnt) at offset 0x1068	7944 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.