Malicious PDF — malware analysis report

Static analysis result for SHA-256 fd30f7e633d3373f…

Verdict:    MALICIOUS
File type:  PDF
Size:       58.6 KB
MD5:        11d10c1d01601efcd8da731f532db9b0
SHA-1:      187530e892a740572a4c8f5711ab3dfe608c2469
SHA-256:    fd30f7e633d3373f915c0e6d814219fb979b2e851101dab0c1cbbf5e991b26ef
Risk score: 88

Malware Insights

MITRE ATT&CK
T1059.001 PowerShell

The PDF contains a clickable URL that goes through a URL shortener (bit.ly), which hides the final destination from static review and indicates a likely redirect to a malicious site. ClamAV also flags the file with a known dropper signature. Although the document body is heavily obfuscated and not readable in static review, the combination of the shortened URL and the ClamAV detection strongly suggests malicious intent, most likely phishing or malware delivery.

Heuristics (4)

  • ClamAV: Pdf.Dropper.Agent-7328304-0 critical CLAMAV_DETECTION
    ClamAV detected this file as malware: Pdf.Dropper.Agent-7328304-0
  • Clickable URI uses URL shortener medium PDF_URL_SHORTENER_URI
    PDF contains a clickable HTTP(S) action whose destination is a URL shortener. This hides the final landing page from static review and is common in phishing redirect PDFs.
  • Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTON
    Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.). This is a low-signal finding on its own and only matters when other findings point to a malicious workflow.
  • Embedded URL info EMBEDDED_URL
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    URL http://bit.ly/2wTMuYg
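The PDF_URL_SHORTENER_URI heuristic above is a purely static check: find every /URI action in the file and compare the destination host against a list of known shorteners. The following is an added example of that check, written for this report and not taken from the analysis tool that produced it. The sample PDF is constructed inline (two link annotations, one of them hidden in a FlateDecode stream so the scan has to inflate it), and the shortener host list and the function names are the author's own assumptions.

```python
"""Static triage of clickable /URI actions in a PDF.

Added example for this report, not part of the analysis tool's code.
The sample PDF and the shortener list below are constructed assumptions.
"""
import re
import zlib
from urllib.parse import urlsplit

# Assumption: a small hand-picked list of shortener hosts; extend for production use.
SHORTENER_HOSTS = {
    "bit.ly", "tinyurl.com", "t.co", "goo.gl", "is.gd", "cutt.ly",
    "rebrand.ly", "ow.ly", "buff.ly", "shorturl.at", "rb.gy",
}

# The /URI key followed by a literal (...) or hex <...> string.
# Limitation: a /URI whose value is an indirect reference ("5 0 R") is not resolved.
_URI_RE = re.compile(rb"/URI\s*(\((?:\\.|[^\\)])*\)|<[0-9A-Fa-f\s]*>)", re.S)
_STREAM_RE = re.compile(rb"\bstream\r?\n(.*?)\r?\nendstream", re.S)
_ESCAPES = {b"n": b"\n", b"r": b"\r", b"t": b"\t", b"b": b"\b",
            b"f": b"\f", b"(": b"(", b")": b")", b"\\": b"\\"}


def decode_pdf_string(token: bytes) -> str:
    """Decode a PDF literal or hex string token (delimiters included) to text."""
    if token.startswith(b"<"):
        hexdigits = re.sub(rb"\s", b"", token[1:-1])
        if len(hexdigits) % 2:          # an odd trailing digit is padded with 0 per the spec
            hexdigits += b"0"
        return bytes.fromhex(hexdigits.decode("ascii")).decode("latin-1")
    body = token[1:-1]
    out = bytearray()
    i = 0
    while i < len(body):
        c = body[i:i + 1]
        if c == b"\\" and i + 1 < len(body):
            nxt = body[i + 1:i + 2]
            if nxt in (b"\n", b"\r"):   # backslash-newline is a line continuation: drop both
                i += 2
                continue
            octal = re.match(rb"[0-7]{1,3}", body[i + 1:i + 4])
            if octal:
                out += bytes([int(octal.group(0), 8) & 0xFF])
                i += 1 + len(octal.group(0))
                continue
            out += _ESCAPES.get(nxt, nxt)  # unknown escape: the backslash is ignored
            i += 2
            continue
        out += c
        i += 1
    return out.decode("latin-1")


def scan_buffers(pdf: bytes):
    """Yield the raw file plus every stream body that inflates with zlib.

    Link annotations often live inside FlateDecode object streams, so scanning
    the raw bytes alone misses them. Streams using other filters are skipped.
    """
    yield pdf
    for m in _STREAM_RE.finditer(pdf):
        raw = m.group(1)
        for candidate in (raw, raw + b"\r"):   # the \r?\n separator may have eaten a trailing 0x0D
            try:
                yield zlib.decompress(candidate)
                break
            except zlib.error:
                continue


def extract_uri_actions(pdf: bytes) -> list:
    """Return every distinct /URI destination found in the file or its inflated streams."""
    found = []
    for buf in scan_buffers(pdf):
        for m in _URI_RE.finditer(buf):
            url = decode_pdf_string(m.group(1))
            if url not in found:
                found.append(url)
    return found


def is_shortener(url: str) -> bool:
    host = (urlsplit(url).hostname or "").lower()
    return host in SHORTENER_HOSTS or any(host.endswith("." + h) for h in SHORTENER_HOSTS)


def triage(pdf: bytes) -> list:
    """One record per clickable URL: destination, host and the shortener verdict."""
    return [{"url": u, "host": urlsplit(u).hostname, "shortener": is_shortener(u)}
            for u in extract_uri_actions(pdf)]


def build_sample_pdf() -> bytes:
    """Constructed two-link sample (not the report's real file).

    Object 1 carries a plain literal-string /URI; object 2 hides a hex-string
    /URI inside a FlateDecode stream so the scan has to inflate it first.
    """
    hidden = (b"<< /Type /Annot /Subtype /Link /Rect [0 0 100 20] /A << /S /URI /URI <"
              + b"https://example.com/report.pdf".hex().encode() + b"> >> >>")
    compressed = zlib.compress(hidden)
    return (b"%PDF-1.4\n"
            b"1 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 200 40] "
            b"/A << /S /URI /URI (http://bit.ly/2wTMuYg) >> >> endobj\n"
            b"2 0 obj << /Length " + str(len(compressed)).encode() + b" /Filter /FlateDecode >>\n"
            b"stream\n" + compressed + b"\nendstream\nendobj\n%%EOF\n")


if __name__ == "__main__":
    for rec in triage(build_sample_pdf()):
        print(rec)
```

The shortener match is only a static indicator; it tells you nothing about where bit.ly will send the victim. To learn the landing page without detonating anything, resolve the link from an isolated host with a HEAD request that does not follow redirects and read the Location header, then feed that URL back into the same triage.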

Extracted artifacts (4)

Files carved from inside the sample during analysis.

Each entry lists the carved filename, its SHA-256, the artifact kind, where in the sample it was found, and its size.

font_00_cff_off0000273b.bin
  SHA-256: 25cab6a2f7919b576e1f77421311d2e5a0b3dc8376113e28a8a97797ee2dbf5d
  Kind:    pdf-font-stream
  Source:  PDF embedded font (cff) at offset 0x273B
  Size:    234 bytes

font_01_cff_off00002841.bin
  SHA-256: 541777bcb011b596c13e00d3852326d90b94960b04cd30de15cedc4022452fa3
  Kind:    pdf-font-stream
  Source:  PDF embedded font (cff) at offset 0x2841
  Size:    2744 bytes

font_02_cff_off00003266.bin
  SHA-256: 403961ba0441f9e1c315715843fff2c999a2119d1f8d850c57a47f9e672ab2ea
  Kind:    pdf-font-stream
  Source:  PDF embedded font (cff) at offset 0x3266
  Size:    660 bytes

font_03_sfnt_off00006352.bin
  SHA-256: 34d8749a369d0017b67d904e53453b5a120ec911834434a146c9adf8c9bec26f
  Kind:    pdf-font-stream
  Source:  PDF embedded font (sfnt) at offset 0x6352
  Size:    55184 bytes