PDF static analysis report

Static analysis result for SHA-256 fc234b4677a21851…

CLEAN

PDF

543.0 KB Created: 2020-03-25 18:10:16 +00:00 Authoring application: Microsoft® Word 2013 First seen: 2020-09-04
MD5: 4912fd92da1fb1aeccb893e46d4c98fb SHA-1: 121e28c1b9698754343665ce5dce6f41908a73c1 SHA-256: fc234b4677a2185133db548f881d8c050886f28f367e48b5ca0fc89f30c87666
12 Risk Score

Malware Insights

MITRE ATT&CK
T1566.002 Spearphishing Attachment T1059.001 PowerShell

The PDF file was authored by Microsoft Word and contains numerous embedded URLs. While the URLs themselves are currently flagged as benign, their sheer quantity and repetition within the document body suggest a malicious intent, possibly for a phishing campaign or to host further malicious content. The presence of PDF_URI and EMBEDDED_URL heuristics further supports this assessment.

Machine Learning

  • Nyx PDF Classifier clean score 0.0013

Heuristics 3

  • Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
  • External URI info PDF_URI
    PDF contains an external URL action
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL https://storage.googleapis.com/pdf11/xss.htm PDF link annotation
    • https://storage.googleapis.com/ganpdf0/xss.htmIn PDF document text