MALICIOUS
64
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The file is identified as malicious by ClamAV with a specific signature indicating it is a phishing trojan. The presence of an external URI pointing to 'smidgel.ru' with a query parameter suggesting a software download, combined with multiple other embedded URLs, strongly indicates a phishing or social engineering attack. The document body is heavily obfuscated, preventing a clear understanding of its direct content, but the overall structure and heuristic firings point to a lure for downloading a secondary payload.
Machine Learning
- Nyx PDF Classifier suspicious score 0.4209
Heuristics 3
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://smidgel.ru/uplcv?utm_term=win+7+home+basic+64+bit+key
- http://rm-centr.ru/uploads/file/34951660255.pdf
- https://kvartira-zalog.ru/wp-content/plugins/super-forms/uploads/php/files/e02472263649ad6b6c0f08a4557cffd3/fenuni.pdf
- https://divetechmarine.com/contents/files/44574579517.pdf
- http://www.vljainandco.com/userfiles/files/gelakapizule.pdf
- http://www.europesolidaire.eu/userfiles/files/sasimamopudaposudusa.pdf
- https://carthink.org/wp-content/plugins/formcraft/file-upload/server/content/files/1613305124cce9---xexibigefijagexudaneniku.pdf
- https://www.hauptsache.cc/wp-content/plugins/formcraft/file
Open this report in the interactive analyzer, or submit your own file for analysis.