Malicious PDF — malware analysis report

Static analysis result for SHA-256 ff6895fbca87e307…

Verdict: MALICIOUS
File type: PDF
Size: 160.6 KB
Authoring application: Solid Converter PDF
MD5: fab024820e3417587f1603cad10ba81a
SHA-1: 6e38206068e5b1c1f91df6b314c87c5c3cb73d95
SHA-256: ff6895fbca87e3074c182b3254d5d014f486f01c8b08914a3ca9d2b0948dfd63
Risk score: 62

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious File

The file is a PDF document identified by ClamAV as Pdf.Phishing.TtraffRobotInstall-7605656-0. The document body and embedded URLs suggest a lure related to Twitter font styles, likely intended to trick users into downloading further malicious content. The presence of multiple external URIs points to a distribution mechanism for phishing or malware delivery.

Machine Learning

  • Nyx PDF Classifier: clean score 0.0097

Heuristics (3)

  • ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 (severity: critical, rule: CLAMAV_DETECTION)
    ClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
  • External URI (severity: info, rule: PDF_URI)
    PDF contains an external URL action
  • Embedded URL (severity: info, rule: EMBEDDED_URL)
    One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
    Extracted URLs:
    • http://boiserealestatejournal.com/uploads/1/3/0/6/130639246/xiban.pdf
    • http://beachesinsrilanka.com/uploads/1/3/0/3/130313044/witeseladitodu-piwot.pdf
    • http://alexandraforsythermt.com/uploads/1/3/0/4/130436058/8210016.pdf
    • http://3e3.co.uk/uploads/1/3/0/2/130271126/130271126.html#twitter+font+style+free

Extracted artifacts (10)

Files carved from inside the sample during analysis.

Filename | SHA-256 | Kind | Source | Size
font_00_sfnt_off00001162.bin | 062dfe442b712e3385ef44a4eeb5a308929bc975a60d4612360776142c431bd7 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1162 | 12272 bytes
font_01_sfnt_off000051df.bin | e5c9f66f0d870cf165083e1bd7cce86e14b5c4a3411b90647a10727341429b82 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x51DF | 5896 bytes
font_02_sfnt_off000068a4.bin | a571a681dc71220d0de489e6182763f9612dcf15dcf7fde9869819be602a1cfa | pdf-font-stream | PDF embedded font (sfnt) at offset 0x68A4 | 34112 bytes
font_03_sfnt_off0000afc3.bin | 22e72232e921a00f23890c8bdeda8063a08461c9d5436179f1e181f4e3f751cc | pdf-font-stream | PDF embedded font (sfnt) at offset 0xAFC3 | 57380 bytes
font_04_sfnt_off000152b2.bin | 20bc4e107107d7189d8ec514d4973535f71e27c2af85c00b46dbd5eadb9a4087 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x152B2 | 25208 bytes
font_05_sfnt_off0001ed1d.bin | 54ebde97624deea9a50b2d9dafb65a32b0401d50e3bf046e31a8295bfc856241 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1ED1D | 10000 bytes
font_06_sfnt_off000201d6.bin | 151e4f536d87959adee672931368c7f132cbe012d333c7ccafd9ca2883accbf3 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x201D6 | 6212 bytes
font_07_sfnt_off00021062.bin | 51265646061a7e8498d2eab6b301f14ea28e824045621188be208e3c5c7da911 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x21062 | 1984 bytes
font_08_sfnt_off0002190a.bin | 39b5853ed197abbaf35c2330ca60d125974e573862458f74a90c72be1cac81d7 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x2190A | 6680 bytes
font_09_sfnt_off00022af3.bin | bcc487258cc48b99e3c287b2d758539ff9b9da2bc94b592231a6fef280205a98 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x22AF3 | 13728 bytes