MALICIOUS
Risk Score: 94
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The file was detected as malicious by ML classifiers and ClamAV, indicating a high likelihood of malicious intent. The PDF contains embedded URLs that point to other PDF files hosted on various websites, suggesting a distribution mechanism for malicious content. The presence of these URLs and the overall detection score strongly suggest a phishing or malware distribution campaign.
Machine Learning
- Nyx PDF Classifier malicious score 0.9746
Heuristics 3
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000cb93.bin 62af3904ef0117064e29355a6f7aca4ffdf530b06eaf4a72e90c158599797730 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xCB93 | 5428 bytes |