MALICIOUS
Risk Score: 94
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The file is a PDF that contains embedded URLs, some of which point to potentially malicious content. The ClamAV detection and ML classifier indicate malicious intent, likely related to phishing or delivering a trojan. The document body, though heavily obfuscated, suggests a lure related to a 'request for permission letter format'.
Machine Learning
- Nyx PDF Classifier malicious score 0.6514
Heuristics 3
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000de72.bin 74d174fab75ec5d4cfb4e0ecbeb1fe900e5d85c588e81dbd40b7c39cac1284c6 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xDE72 | 5204 bytes |
| font_01_sfnt_off0000f008.bin 644abe11e61367ac71574fc519a5895bf8da18b5abe128ac69f07768a20c31e4 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF008 | 9948 bytes |
| font_02_sfnt_off00011200.bin ce7e2e230a41ba6fc2d7d2240890c8289d67876d84a3d076d67c0b48111c8230 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x11200 | 4324 bytes |