Malicious PDF — malware analysis report

Static analysis result for SHA-256 fbbc08235f3c1141…

Verdict: MALICIOUS
File type: PDF
Size: 200.8 KB
Authoring application: PyPDF2
MD5: da1c8a81c460a4c356b769286526e4a8
SHA-1: 345a28da4559d21e2506d9b1a834f0dff8267cef
SHA-256: fbbc08235f3c11416b84b4ced9b1b34c5a22338749385d75666dba2e550a5e26
Risk score: 90

Malware Insights

MITRE ATT&CK

  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF document is identified as a malicious screenshot lure: it contains an image designed to conceal a clickable link. The heuristic PDF_ESCAPED_URI_IMAGE_LURE extracts the concealed URL, which is the primary indicator of compromise, and the ML classifier also scores the file as malicious. The document's structure and the presence of the hidden URL indicate an attempt to trick the user into navigating to a site that likely hosts further malicious content.

Machine Learning

  • Nyx PDF Classifier malicious score 0.8485

Heuristics (2)

  • [high] PDF_ESCAPED_URI_IMAGE_LURE: Image-heavy PDF hides clickable URL with PDF string escapes
    The PDF is image-heavy with little real text, and its clickable HTTP(S) URI is encoded with PDF octal escapes. This combination is common in credential-phishing PDFs that render a screenshot-like prompt and obscure the destination from simple URL extractors.
  • [medium] PDF_IMAGE_LURE: Image-only document with action trigger (screenshot lure)
    The PDF has 1 image(s) and only 0 text block(s), carries a click-outward action, and is only 200 KB. This is the typical shape of a phishing lure in which a full-page screenshot hides a clickable button that launches or submits to an attacker URL.