Win.Downloader.DocInPDF-10008217-3 — PDF malware analysis

Static analysis result for SHA-256 ef59d7038cfd565f…

MALICIOUS

PDF

207.6 KB
MD5: d537f8b812a3902b90aa16281aa1314b SHA-1: 2bfd1175e777e6df26b151071ec24376086a5c51 SHA-256: ef59d7038cfd565fd65bae12588810d5361df938244ebad33b71882dcf683058
92 Risk Score

Malware Insights

Win.Downloader.DocInPDF-10008217-3 · confidence 95%

MITRE ATT&CK
T1204.002 Malicious File

The file was identified as malicious by ClamAV with the signature Win.Downloader.DocInPDF-10008217-3, indicating it functions as a downloader. The ML classifier also flagged it as malicious. While several URLs were extracted, they were all confirmed as benign.

Machine Learning

  • Nyx PDF Classifier malicious score 0.6843

Heuristics 3

  • ClamAV: Win.Downloader.DocInPDF-10008217-3 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Win.Downloader.DocInPDF-10008217-3
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://microsoft.com
    • http://schemas.microsoft.com/office/2004/12/omml
    • http://www.w3.org/TR/REC-html40
    • http://schemas.openxmlformats.org/drawingml/2006/main

Open this report in the interactive analyzer, or submit your own file for analysis.