PDF malware analysis — malicious · fee2ce705e8ce75a

MALICIOUS

PDF

36.0 KB Authoring application: Karbon

MD5: 00f83632c8194502940713e49c003e8d SHA-1: c83965849c00e6d9a8a8e2164948a9ab5ca4cab8 SHA-256: fee2ce705e8ce75a69fe7f21f633009dbdd414bc9daa945ccae7f7f3bde7bdf4

92 Risk Score

Malware Insights

MITRE ATT&CK

T1566.002 Spearphishing Attachment T1204.002 Malicious File

The file is identified as malicious by multiple engines, including ClamAV and an ML classifier. The document body, though partially corrupted, suggests a lure related to a datasheet, which is a common tactic for phishing or malware delivery. The embedded URI points to a PDF hosted on an external domain, likely serving as the next stage of the attack.

Machine Learning

Nyx PDF Classifier malicious score 0.9995

Heuristics 3

ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 critical CLAMAV_DETECTION

ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
External URI info PDF_URI

PDF contains an external URL action
Embedded URL info EMBEDDED_URL

One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL http://onestepforwardinspirations.com/uploads/1/3/0/3/130323196/wejimufaw_ziwizivaraw.pdf
- https://fojozenesexiwu.weebly.com/uploads/1/3/0/6/130603941/88a412.pdf
- http://silvercloudvape.co.uk/uploads/1/3/0/4/130476697/didilu_fulolonejiso_detepipore_goposojikaxebi.pdf
- http://newperspectivemedical.com/uploads/1/3/0/5/130590531/130590531.html#huntsman+araldite+2012+datasheet

Extracted artifacts 1

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`font_00_sfnt_off00001026.bin` `687bddd070553d61e958e0b2a49b29f6475b14be5b57c5b8b7b7d1d56a511cf3`	pdf-font-stream	PDF embedded font (sfnt) at offset 0x1026	8108 bytes

Open this report in the interactive analyzer, or submit your own file for analysis.