Risk Score: 94 (MALICIOUS)
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The file is a PDF document whose /Link annotation carries a /URI action pointing to an external domain (jacksth.ru). ClamAV and the ML classifier both flag the file as malicious, specifically as a phishing trojan. The document text, though heavily obfuscated, contains a long list of unrelated .pdf links on free-hosting domains, and the link-annotation URL embeds a keyword referencing a popular anime character, consistent with a lure designed to make users open the external URL. Note that none of the heuristics below report JavaScript; the only URL action found is the link annotation, so the T1059.007 mapping is not backed by a JS finding in this report. The www.ascendercorp.com and scripts.sil.org/OFL entries are standard font-licence URLs and are most likely benign metadata from the embedded sfnt font listed under extracted artifacts.
Machine Learning
- Nyx PDF Classifier: malicious score 0.7221
Heuristics (3)
- ClamAV (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - https://jacksth.ru/wb?keyword=zenitsu%20thunder%20breathing%20first%20form (PDF link annotation)
  - http://libotopatolar.iblogger.org/camino_de_santiago_self_guided_walk.pdf (in PDF document text)
  - http://stassikorskyi.com/aircraft_cruise_performance_chartsg1dyz.pdf (in PDF document text)
  - https://cdn.sqhk.co/dovawowo/yOgdhen/fujawuvexivebames.pdf (in PDF document text)
  - https://cdn.sqhk.co/wadusazilox/EsheDjh/44764382012.pdf (in PDF document text)
  - https://xifexovajebim.weebly.com/uploads/1/3/0/7/130740184/roxitovag_tarugugox_logamokuxadasap_wumuvovelom.pdf (in PDF document text)
  - http://zanetapoxod.22web.org/b._ed_2019_scholarship_form.pdf (in PDF document text)
  - https://cdn.sqhk.co/dosakupu/gfeILhf/32354173999.pdf (in PDF document text)
  - http://vpntop.info/blynk_library_for_nodemcucqb25.pdf (in PDF document text)
  - https://wiwanozamo.weebly.com/uploads/1/3/4/3/134306351/1747758.pdf (in PDF document text)
  - http://frontend-developer-azaynullin.site/42067909814e5to6.pdf (in PDF document text)
  - https://cdn.sqhk.co/kovixileta/0ggidRG/74815147414.pdf (in PDF document text)
  - http://jalopava.22web.org/elastic_vs_inelastic_collision.pdf (in PDF document text)
  - https://mixezefu.weebly.com/uploads/1/3/0/8/130874535/xutefutenine.pdf (in PDF document text)
  - https://cdn.sqhk.co/bemapebe/ycja4gd/neha_kakkar_ke_new_song_2020.pdf (in PDF document text)
  - https://pixipemojawipe.weebly.com/uploads/1/3/4/4/134459682/pefezisumajak.pdf (in PDF document text)
  - https://cdn.sqhk.co/sizozizaj/whesjdR/62078316012.pdf (in PDF document text)
  - http://www.ascendercorp.com/ (in PDF document text)
  - http://www.ascendercorp.com/typedesigners.html (in PDF document text)
  - http://fulawumobolofog.epizy.com/lodizasawosog.pdf (in PDF document text)
  - http://losuguv.epizy.com/chadariya_jhini_re_jhini_bhajan.pdf (in PDF document text)
  - http://kinefinukabel.epizy.com/vofugoxada.pdf (in PDF document text)
  - http://jiresigotapikeb.rf.gd/inside_out_movie_questions_and_answers.pdf (in PDF document text)
  - http://zozemuki.rf.gd/10_sided_dice_template.pdf (in PDF document text)
  - http://scripts.sil.org/OFL (in PDF document text)
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| stream_002_off00010857.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x10857 | 213912 bytes | 58d3cfc7bbf27fd9d0214a63e1a1d875aade5d5446ba8aba07472cc282b0e546 |
| font_01_sfnt_off000375e0.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x375E0 | 5268 bytes | 930fb977359cd12d3c70e07a53175747217b09df514c93a701c19793ab3aebf9 |
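How the PDF_URI and EMBEDDED_URL channels above, and the carved-stream table, are produced in practice, as an added example that is not part of this report or the analyzer's own code. It builds a constructed minimal PDF (one /Link annotation with a /URI action, one FlateDecode content stream whose text mentions a URL; the `.example.invalid` hostnames, `build_sample_pdf`, `triage` and the regexes are all assumptions of this example), then pulls out URI actions, inflates FlateDecode streams with their offset, size and SHA-256, and labels each URL with the channel that reached it.

```python
import hashlib
import re
import zlib

# --- Constructed sample ---------------------------------------------------
# A minimal, hand-built PDF (not the sample from the report): one page, one
# FlateDecode content stream whose text mentions a URL, and one /Link
# annotation whose /URI action points at a second URL. Hostnames are
# placeholders under .example.invalid, not the domains listed above.
BODY_TEXT = b"BT /F1 12 Tf 72 700 Td (see http://spam-host.example.invalid/file.pdf) Tj ET"
LURE_URL = b"https://lure-host.example.invalid/wb?keyword=anime"


def build_sample_pdf(text: bytes, uri: bytes) -> bytes:
    """Assemble the constructed PDF described above."""
    stream = zlib.compress(text)
    return b"".join([
        b"%PDF-1.4\n",
        b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n",
        b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n",
        b"3 0 obj << /Type /Page /Parent 2 0 R /Contents 4 0 R /Annots [5 0 R] >> endobj\n",
        b"4 0 obj << /Length %d /Filter /FlateDecode >>\nstream\n" % len(stream),
        stream,
        b"\nendstream\nendobj\n",
        b"5 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 100 100] ",
        b"/A << /S /URI /URI (", uri, b") >> >> endobj\n",
        b"trailer << /Root 1 0 R >>\n%%EOF\n",
    ])


SAMPLE_PDF = build_sample_pdf(BODY_TEXT, LURE_URL)

# --- Extraction -----------------------------------------------------------
# /URI action with a literal-string target: /A << /S /URI /URI (http://...) >>
# (hex-string targets <...> and indirect /A references are not handled here.)
URI_ACTION_RE = re.compile(rb"/S\s*/URI\s*/URI\s*\((.*?)\)", re.S)
# A stream whose dictionary names /FlateDecode, followed by the raw stream body.
FLATE_STREAM_RE = re.compile(
    rb"<<[^>]*?/FlateDecode[^>]*?>>\s*stream\r?\n(.*?)\r?\nendstream", re.S)
# Loose URL matcher for plain text inside decoded streams.
TEXT_URL_RE = re.compile(rb"https?://[^\s()<>\"']+")


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def extract_uri_actions(pdf: bytes) -> list:
    """URLs reachable through /URI actions: the evidence behind PDF_URI."""
    return [m.group(1).decode("latin-1") for m in URI_ACTION_RE.finditer(pdf)]


def carve_streams(pdf: bytes) -> list:
    """Inflate every FlateDecode stream and record offset, size, SHA-256 and
    bytes, the same fields the 'Extracted artifacts' table reports."""
    carved = []
    for m in FLATE_STREAM_RE.finditer(pdf):
        try:
            data = zlib.decompress(m.group(1))
        except zlib.error:
            continue  # damaged or non-zlib stream: skip rather than abort
        carved.append({
            "offset": m.start(1),
            "size": len(data),
            "sha256": sha256_hex(data),
            "data": data,
        })
    return carved


def extract_text_urls(pdf: bytes) -> list:
    """URLs found in decoded stream text: the 'in PDF document text' channel."""
    urls = []
    for s in carve_streams(pdf):
        urls.extend(u.decode("latin-1") for u in TEXT_URL_RE.findall(s["data"]))
    return urls


def triage(pdf: bytes) -> dict:
    """Label each URL with the channel that reached it and list carved artifacts."""
    actions = extract_uri_actions(pdf)
    urls = [{"url": u, "channel": "PDF link annotation"} for u in actions]
    urls += [{"url": u, "channel": "In PDF document text"} for u in extract_text_urls(pdf)]
    artifacts = [{k: v for k, v in s.items() if k != "data"} for s in carve_streams(pdf)]
    return {"pdf_uri": bool(actions), "urls": urls, "artifacts": artifacts}


if __name__ == "__main__":
    report = triage(SAMPLE_PDF)
    print("PDF_URI fired:", report["pdf_uri"])
    for u in report["urls"]:
        print(f"  {u['url']}  ({u['channel']})")
    for a in report["artifacts"]:
        print(f"  stream @0x{a['offset']:X}  {a['size']} bytes  sha256={a['sha256']}")
```

The channel label is what separates an actionable finding from noise: a URL in a /URI action opens when the reader clicks the annotation, whereas a URL that only appears in decoded content-stream text (like the font-licence links in this report) is inert unless something else dereferences it. Real samples also use object streams, hex-string URIs and non-Flate filters, which this regex-based pass deliberately does not cover; a full parser such as pdf-parser or PyMuPDF handles those cases.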