Malicious PDF — malware analysis report

Static analysis result for SHA-256 f3ffb1760047013f…

Verdict: MALICIOUS
File type: PDF
File size: 38.4 KB
MD5: 0083aab33d41f8cc2c6f799fefccfc5c
SHA-1: 07afafb7d3d383b1b6528a702b6773134ae53e40
SHA-256: f3ffb1760047013f294fd403403771b8684cf7584aa1fc5198d60e712102c0b1
Risk Score: 62

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1059.001 PowerShell

The PDF document uses a cloud document lure to trick the user into interacting with a suspicious link. The link redirects through an intermediary URL to a malicious domain, likely to download and execute a second-stage payload. The presence of external URIs and suspicious link lures indicates a phishing attempt.

Heuristics (3)

  • Image-heavy PDF with invisible link to suspicious domain (severity: high, PDF_SUSPICIOUS_LINK_LURE)
    The PDF is a small, image-heavy lure with invisible link annotations that send the user to a suspicious high-risk-domain URI. This matches credential-phishing carriers where the visible document is only a prompt and the real credential-collection flow happens on the linked website.
  • Cloud document impersonation lure (severity: medium, SE_CLOUD_DOC_LURE)
    The document impersonates a cloud file-sharing service such as SharePoint, OneDrive, Google Drive, Dropbox, Box, or Microsoft 365 and asks the user to open, verify, or access a shared document.
  • External URI (severity: info, PDF_URI)
    The PDF contains an external URL action.