MALICIOUS
64
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF file contains embedded URLs that point to external download sites, masquerading as game content. The ClamAV heuristic identifies this as a dropper, indicating its primary function is to download and execute a secondary payload. The presence of these URLs and the dropper classification strongly suggest a malicious intent to deliver further malware.
Machine Learning
- Nyx PDF Classifier clean score 0.0029
Heuristics 3
-
ClamAV: Pdf.Dropper.Agent-7772971-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Dropper.Agent-7772971-0
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://smartmediafinderthree.com/3489/download.php?id=3489&name=happy+wheels+new+characters+free+download&sid=wppdf16
- http://newfastmediasearcherfive.com/3489/download.php?id=3489&name=happy+wheels+new+characters+free+download&sid=wppdf16
- http://en.wikipedia.org/wiki/MIT_License
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
stream_001_off00001412.bina8c375e3ffbf277addaa7019ed67b51d76cca18dcdd810b05d443b31dd437546 |
decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x1412 | 548226 bytes |
font_00_sfnt_off00011bcb.binf9060b5a7ffadf50c87e5bf1745237032864214ef349c96d9700f3b0ef8baf21 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x11BCB | 22128 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.