PDF malware analysis — malicious · fbe8bfccfb88daf2

MALICIOUS

PDF

44.5 KB Authoring application: SWFTools

MD5: 4dc21eb6f34449a04e310dbbde24432b SHA-1: 164bd29d85b51a7e8fca03bbb56a21ebdd19ecad SHA-256: fbe8bfccfb88daf2eac02344bce7d20c1bda0aa98cc0ea3730d5e2988a07b33e

62 Risk Score

Malware Insights

MITRE ATT&CK

T1566.002 Spearphishing Attachment T1204.002 Malicious File

The file is identified as malicious by ClamAV with the signature Pdf.Phishing.TtraffRobotInstall-7605656-0. It contains multiple embedded URLs pointing to PDF files hosted on various domains, suggesting a phishing or social engineering campaign. The document body, though heavily obfuscated, contains text related to legal documents, reinforcing the lure.

Heuristics 3

ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
External URI info PDF_URI

PDF contains an external URL action
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL http://northwestembroidery.net/uploads/1/3/0/2/130270859/9247790.pdf
- http://mspuppies.com/uploads/1/3/0/6/130620263/8839967.pdf
- http://stlouistriathlon.com/uploads/1/3/0/7/130776106/jinoxi.pdf
- http://ndchair.com/uploads/1/3/0/8/130874535/130874535.html#arbitration+and+conciliation+act+1996+book+pdf

Extracted artifacts 2

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`font_00_sfnt_off00000fd9.bin` `a53ce3fc5e9afc5839c0ced1b8ad76611d1f4dc868e496d92534632128eebcda`	pdf-font-stream	PDF embedded font (sfnt) at offset 0xFD9	8572 bytes
`font_01_sfnt_off00006688.bin` `c57f438fd6489f902571d3a048a81888a473e4f30a1f1b398165343767f7e493`	pdf-font-stream	PDF embedded font (sfnt) at offset 0x6688	8556 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.