Verdict: MALICIOUS
Risk Score: 94
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The PDF file contains an embedded URL that directs users to a suspicious domain, likely for phishing purposes. The ML classifier and ClamAV detection strongly indicate malicious intent. The document body, though partially corrupted, contains text related to a common search query, suggesting a lure to disguise the malicious link.
Machine Learning
- Nyx PDF Classifier malicious score 0.8569
Heuristics (3)
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 [critical, CLAMAV_DETECTION]: ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI [info, PDF_URI]: PDF contains an external URL action
- Embedded URL [info, EMBEDDED_URL]: One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://philabc.ru/pbw?utm_term=how+do+you+insert+a+hard+page+break+in+word
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000e027.bin 9e23aedb909fb0bd3788698d4f803bdf3e442d28a8bd466e2ebb3d659f92ef62 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE027 | 5548 bytes |
| font_01_sfnt_off0000f312.bin f1712470e346a27298c47243b7ff8c114e72e427b1a28d35ffaf00bcc41503bd | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF312 | 10264 bytes |