MALICIOUS
Risk Score: 94
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file contains a heuristic firing for an external URI pointing to 'https://jumiwimov.ru/award?keyword=cambridge+english+exam+pdf'. This URL is suspicious and likely leads to a phishing or malware distribution site. The document body, though heavily obfuscated, contains text related to 'Cambridge english exam pdf', suggesting a lure. ClamAV also detected this file as a phishing trojan.
Machine Learning
- Nyx PDF Classifier malicious score 0.6966
Heuristics 3
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://jumiwimov.ru/award?keyword=cambridge+english+exam+pdf
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000f567.bin 4d7cbc4f00d6765c56a3f711b2c4c0d46c6a2c6812d07f60fe97507c98f95b02 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF567 | 5568 bytes |