Verdict: MALICIOUS
Risk Score: 64
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The file is a PDF that carries an external URI action pointing to a suspicious domain (pelibifir.ru); ClamAV identifies the file as Pdf.Phishing.Trojan. The page text is heavily obfuscated, but the keyword parameter in that URL gives the lure away: a free 'blouse cutting and stitching book pdf'. An external URI action combined with the ClamAV detection strongly indicates a phishing or malware-distribution document. Several of the other extracted URLs (ascendercorp.com, fedorahosted.org/lohit, indictrans.org, scripts.sil.org/OFL, dejavu.sourceforge.net) are the licence and vendor strings that open-source fonts carry in their name tables, consistent with the seven sfnt fonts carved from the sample; they are not part of the lure.
Machine Learning
- Nyx PDF Classifier suspicious score 0.3988
Heuristics (3)
- ClamAV [critical, CLAMAV_DETECTION]: ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI [info, PDF_URI]: PDF contains an external URL action
- Embedded URL [info, EMBEDDED_URL]: One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted URLs:
- https://pelibifir.ru/award?keyword=blouse+cutting+and+stitching+book+pdf
- http://kinoogf.space/93708321000ssayx.pdf
- http://promooffer.site/nordictrack_a2105_for_sale8jrvt.pdf
- http://feyakast.online/93767338815vd3pg.pdf
- https://cdn.sqhk.co/wimedizi/gfjhN0S/blue_apron_coupon_for_existing_customer.pdf
- https://cdn-cms.f-static.net/uploads/4422180/normal_600fd63d88c87.pdf
- https://cdn-cms.f-static.net/uploads/4385204/normal_604a13312d8a3.pdf
- http://axecheat1.xyz/16664894224ukpcj.pdf
- https://cdn.sqhk.co/kutogudofi/jeiegcJ/color_electrical_tape_home_depot.pdf
- http://songkfrk.site/lifijanenofiruogvt4.pdf
- https://cdn-cms.f-static.net/uploads/4465688/normal_602fad434e929.pdf
- http://wrinklestiltskin.com/dozilh265g.pdf
- http://andyhong.blog/air_jet_fighter_moviesuepz6.pdf
- http://myfoxing.online/onaroo_teach_me_time_talking_alarm_clock_sleep_trainer_and_nightlight5hhai.pdf
- http://lifeit.pro/mebaludubofogonigufotcvxm.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- http://fedorahosted.org/lohit
- http://www.indictrans.org
- https://s3.amazonaws.com/babuxufarizuxur/74553520990.pdf
- https://s3.amazonaws.com/rolefosiju/6440420240.pdf
- https://s3.amazonaws.com/wekibik/nevasowitozamevitoxo.pdf
- https://s3.amazonaws.com/domegagowevag/40565310376.pdf
- https://s3.amazonaws.com/gezejoputiwinu/sevefut.pdf
- https://s3.amazonaws.com/lekelepowo/are_self_closing_doors_required_on_flammable_cabinets.pdf
- http://scripts.sil.org/OFL
- http://dejavu.sourceforge.net
- http://dejavu.sourceforge.net/wiki/index.php/License
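The PDF_URI and EMBEDDED_URL heuristics above draw a line between a URL that is the target of a /URI action (one click away from the reader) and a URL that merely occurs somewhere in the document. The script below is an added example of that channel-labelling extraction; it is not the analyzer's code and it does not parse the analysed sample. It runs on a constructed PDF embedded in the script: a link annotation whose /URI action points at the report's first URL, a FlateDecode page-content stream and an /Info dictionary that each carry a hypothetical example.invalid URL. Only literal-string /URI targets and Flate-compressed streams are handled; hex-string targets, object streams and other filters are out of scope.

```python
import re
import zlib

# Constructed sample (not the analysed file). xref offsets are omitted on purpose: the
# scanner works on raw bytes and never needs a consistent cross-reference table.
BODY_TEXT = b"BT /F1 12 Tf 72 700 Td (Download: http://example.invalid/body-only.pdf) Tj ET"
COMPRESSED = zlib.compress(BODY_TEXT)
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R /Annots [4 0 R] /Contents 5 0 R >> endobj\n"
    b"4 0 obj << /Type /Annot /Subtype /Link /Rect [72 680 300 700]\n"
    b"  /A << /S /URI /URI (https://pelibifir.ru/award?keyword=blouse+cutting+and+stitching+book+pdf) >> >> endobj\n"
    b"5 0 obj << /Length " + str(len(COMPRESSED)).encode("ascii") + b" /Filter /FlateDecode >>\n"
    b"stream\n" + COMPRESSED + b"\nendstream\nendobj\n"
    b"6 0 obj << /Title (see http://example.invalid/in-metadata) >> endobj\n"
    b"trailer << /Root 1 0 R /Info 6 0 R >>\n%%EOF\n"
)

# /URI key holding a literal string: the target of a URI action (link annotation, outline
# item, OpenAction). Hex-string (<...>) targets are not handled; real PDFs use them too.
URI_ACTION = re.compile(rb"/URI\b\s*\((?P<url>(?:\\.|[^\\)])*)\)", re.S)
# stream ... endstream bodies; the lookbehind stops "endstream" from matching as "stream".
STREAM = re.compile(rb"(?<![A-Za-z])stream\r?\n(?P<data>.*?)\r?\nendstream", re.S)
# Anything URL-shaped; stops at whitespace and PDF string/dictionary delimiters.
GENERIC_URL = re.compile(rb"https?://[^\s()<>\"'\[\]]+")


def unescape_pdf_string(raw):
    """Undo the escapes that matter for a URL inside a PDF literal string."""
    return raw.replace(b"\\(", b"(").replace(b"\\)", b")").replace(b"\\\\", b"\\")


def inflate_streams(pdf):
    """Yield every stream body, inflated when it is zlib (FlateDecode) data.

    decompressobj() is used instead of zlib.decompress(): it tolerates a stray trailing
    byte captured by the regex or a missing Adler-32 tail instead of discarding the stream.
    """
    for m in STREAM.finditer(pdf):
        data = m.group("data")
        try:
            yield zlib.decompressobj().decompress(data)
        except zlib.error:  # not Flate (e.g. /DCTDecode image data): scan the raw bytes
            yield data


def extract_urls(pdf):
    """Return {url: {channel, ...}} recording the channel each URL was reached through.

    Channels: 'uri-action' (clickable target of a /URI action), 'raw-object' (URL-shaped
    text elsewhere in uncompressed object data, e.g. metadata) and 'stream-content'
    (inside a stream body, typically page text). One URL may carry several labels.
    """
    found = {}

    def add(url, channel):
        found.setdefault(url.decode("latin-1"), set()).add(channel)

    action_spans = []
    for m in URI_ACTION.finditer(pdf):
        add(unescape_pdf_string(m.group("url")), "uri-action")
        action_spans.append(m.span("url"))
    for m in GENERIC_URL.finditer(pdf):
        if any(a <= m.start() and m.end() <= b for a, b in action_spans):
            continue  # already recorded as the target of a URI action
        add(m.group(0), "raw-object")
    for data in inflate_streams(pdf):
        for m in GENERIC_URL.finditer(data):
            add(m.group(0), "stream-content")
    return found


def clickable_targets(found):
    """URLs a reader reaches with one click; this is what the PDF_URI heuristic keys on."""
    return sorted(url for url, channels in found.items() if "uri-action" in channels)


if __name__ == "__main__":
    hits = extract_urls(SAMPLE_PDF)
    for url, channels in sorted(hits.items()):
        print(f"{url}  [{', '.join(sorted(channels))}]")
    print("clickable:", clickable_targets(hits))
```

The channel label is what makes a URL list actionable: a 'uri-action' hit is a click-through the reader can trigger, while 'raw-object' and 'stream-content' hits (font licence strings, metadata, visible text) need further context before they mean anything.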
Extracted artifacts (7)
Files carved from inside the sample during analysis.
| Filename | SHA-256 | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off0000d4f9.bin | 751438b723427c5ed7f5ec2b2015b99a8a65b64d2796f1936b7b4ad048d81359 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xD4F9 | 5572 bytes |
| font_01_sfnt_off0000e7f0.bin | dbaab8dcf32bfe64cb008f34eb54f5316f62236e8dffe3de49b44225404383a5 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE7F0 | 2656 bytes |
| font_02_sfnt_off0000f2f4.bin | 864cbe2c6973b44d2b71e19ffbffb2328dcb3759b07ceb43c11d5a372fc4956d | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF2F4 | 2328 bytes |
| font_03_sfnt_off0000fdaa.bin | 00a945237f6b864b00fbf81283986f0fe986bd9b0d29dbf22e41200b3b742ffc | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFDAA | 2036 bytes |
| font_04_sfnt_off0001077d.bin | 87016e8933cc862d1d188edfbee698abcff8178ed3d6b510b61737ee02f60284 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1077D | 4336 bytes |
| font_05_sfnt_off0001151e.bin | 158e744ca60a336c29f191679846de55f09b1a565af0f1376ea87daab3625c05 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1151E | 12652 bytes |
| font_06_sfnt_off00013fa4.bin | 560548190d3588af37ebd144b10067da26eafb353cf82387b3a26894bc5052bc | pdf-font-stream | PDF embedded font (sfnt) at offset 0x13FA4 | 16364 bytes |
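The artifact table lists fonts carved by their sfnt container magic at a file offset, each with a size and a hash. The script below is an added example of that carving step and is not the analyzer's code: it locates sfnt magics, validates the table directory so that stray text such as the PDF boolean `true` is rejected, derives the font's length from its last table, and hashes the carved bytes so the font can be scanned on its own. It runs on a constructed carrier blob with a synthetic two-table font, both built in the script; the offset and hash it prints belong to that synthetic blob, not to the artifacts above. Real PDFs usually FlateDecode their font streams, so in practice you inflate stream bodies before carving.

```python
import hashlib
import struct

# sfnt container magics: TrueType (0x00010000), Apple TrueType ('true'), CFF-based OpenType ('OTTO').
SFNT_MAGICS = (b"\x00\x01\x00\x00", b"true", b"OTTO")
MAX_TABLES = 64  # real fonts have far fewer; a larger count is almost certainly a false hit


def build_sample_sfnt(tables):
    """Constructed minimal sfnt (not a real font): offset table, directory, 4-byte padded table data."""
    num = len(tables)
    header = struct.pack(">4sHHHH", b"\x00\x01\x00\x00", num, 0, 0, 0)
    directory, body = b"", b""
    offset = 12 + 16 * num  # first table starts right after the directory
    for tag, data in tables:
        padded = data + b"\x00" * (-len(data) % 4)
        directory += struct.pack(">4sIII", tag, 0, offset, len(data))  # checksum left at 0
        body += padded
        offset += len(padded)
    return header + directory + body


# Constructed carrier: PDF-looking text around an uncompressed FontFile2 stream. The word
# "true" in the FontDescriptor is a deliberate false magic hit the sanity checks must reject.
SAMPLE_FONT = build_sample_sfnt([
    (b"head", b"\x00\x01\x00\x00" + b"\x00" * 50),  # a head table also starts with the sfnt magic
    (b"cvt ", b"\x00\x10\x00\x20\x00\x30"),
])
CARRIER_PREFIX = (
    b"%PDF-1.4\n"
    b"6 0 obj << /Type /FontDescriptor /FontName /Example /Symbolic true /FontFile2 7 0 R >> endobj\n"
    b"7 0 obj << /Length " + str(len(SAMPLE_FONT)).encode("ascii") + b" >>\nstream\n"
)
SAMPLE_BLOB = CARRIER_PREFIX + SAMPLE_FONT + b"\nendstream\nendobj\n"


def sfnt_length(buf, off):
    """Length of a plausible sfnt starting at off, or None if the table directory is not sane."""
    if off + 12 > len(buf):
        return None
    num_tables = struct.unpack_from(">H", buf, off + 4)[0]
    if not 1 <= num_tables <= MAX_TABLES:
        return None
    end = 12 + 16 * num_tables
    if off + end > len(buf):
        return None
    for i in range(num_tables):
        tag, _checksum, t_off, t_len = struct.unpack_from(">4sIII", buf, off + 12 + 16 * i)
        if any(b < 0x20 or b > 0x7E for b in tag):  # tags are printable ASCII ('cvt ', 'OS/2', ...)
            return None
        if t_off < 12 or off + t_off + t_len > len(buf):  # every table must lie inside the buffer
            return None
        end = max(end, t_off + t_len)
    return min((end + 3) & ~3, len(buf) - off)  # tables are 4-byte aligned; never run past the buffer


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def carve_sfnt(buf):
    """Return [(offset, length, sha256)] for every sfnt found by magic plus directory validation."""
    hits, pos = [], 0
    while pos < len(buf):
        cands = [i for i in (buf.find(m, pos) for m in SFNT_MAGICS) if i != -1]
        if not cands:
            break
        off = min(cands)
        length = sfnt_length(buf, off)
        if length:
            hits.append((off, length, sha256_hex(buf[off:off + length])))
            pos = off + length  # skip the carved font so inner magics (the head table) are not re-hit
        else:
            pos = off + 1
    return hits


if __name__ == "__main__":
    for off, length, digest in carve_sfnt(SAMPLE_BLOB):
        print(f"font_sfnt_off{off:08x}.bin  {length} bytes  sha256={digest}")
```

Carving the fonts out is worthwhile even when the document's threat is a phishing link: embedded font parsers are a separate attack surface, and a stand-alone font file can be hashed, compared against known-good distributions and fed to a font-aware scanner, which a PDF scanner reading compressed streams cannot do directly.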