Malicious PDF — malware analysis report

Static analysis result for SHA-256 fcca98c475c4409a…

Verdict: MALICIOUS
File type: PDF
Size: 58.5 KB
MD5: 8766350f6519e5e8a1550ff024150879
SHA-1: 2672b056baddf9f97a3ce87f1f199f2b9f20e33b
SHA-256: fcca98c475c4409a728a36b55ad4fa17d13a42ed7d8711831ae1072d605d5879
Risk Score: 88

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The critical ClamAV detection and the presence of a URL shortener in the PDF metadata strongly indicate malicious intent. The embedded URL, though marked as confirmed benign, is part of the lure. The document body is heavily obfuscated and unreadable, preventing a more detailed analysis of its specific purpose. The heuristic 'Pdf.Dropper.Agent-7328030-0' suggests the file's primary function is to drop or execute other malicious content.

Heuristics (4)

  • ClamAV: Pdf.Dropper.Agent-7328030-0 [critical, CLAMAV_DETECTION]
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7328030-0
  • Clickable URI uses URL shortener [medium, PDF_URL_SHORTENER_URI]
    PDF contains a clickable HTTP(S) action whose destination is a URL shortener. This hides the final landing page from static review and is common in phishing redirect PDFs.
  • Visual download / call-to-action button lure [low, SE_DOWNLOAD_BUTTON]
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.); this is low-signal unless other findings point to a malicious workflow.
  • Embedded URL [info, EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL: http://bit.ly/2wTMuYg

Extracted artifacts (4)

Files carved from inside the sample during analysis.

| Filename | SHA-256 | Kind | Source | Size |
|---|---|---|---|---|
| font_00_cff_off0000273b.bin | 25cab6a2f7919b576e1f77421311d2e5a0b3dc8376113e28a8a97797ee2dbf5d | pdf-font-stream | PDF embedded font (cff) at offset 0x273B | 234 bytes |
| font_01_cff_off00002841.bin | 541777bcb011b596c13e00d3852326d90b94960b04cd30de15cedc4022452fa3 | pdf-font-stream | PDF embedded font (cff) at offset 0x2841 | 2744 bytes |
| font_02_cff_off00003266.bin | 403961ba0441f9e1c315715843fff2c999a2119d1f8d850c57a47f9e672ab2ea | pdf-font-stream | PDF embedded font (cff) at offset 0x3266 | 660 bytes |
| font_03_sfnt_off00006352.bin | 34d8749a369d0017b67d904e53453b5a120ec911834434a146c9adf8c9bec26f | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6352 | 55184 bytes |