MALICIOUS
64
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The file was identified as malicious by ClamAV with the signature Pdf.Dropper.Agent-7230720-0. Static analysis revealed an embedded URI pointing to 'http://celltronics.lk/log/file.htm', which is likely a malicious domain used to host a secondary payload. The PDF structure and embedded URI suggest a common dropper pattern.
Machine Learning
- Nyx PDF Classifier clean score 0.0042
Heuristics 3
-
ClamAV: Pdf.Dropper.Agent-7230720-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Dropper.Agent-7230720-0
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://celltronics.lk/log/file.htm
- http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl0X
- http://www.microsoft.com/pki/certs/MicrosoftTimeStampPCA.crt0
- http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl0T
- http://www.microsoft.com/pki/certs/MicrosoftRootCert.crt0
- http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl0a
- http://www.microsoft.com/pkiops/certs/MicCodSigPCA2011_2011-07-08.crt0
- http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl0^
- http://www.microsoft.com/pki/certs/MicRooCerAut2011_2011_03_22.crt0��
- http://www.microsoft.com/pkiops/docs/primarycps.htm0@
- http://www.microsoft.com/typography
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000b5053.bind4a0d9b70d2af5d76df8bae5ab5dd86c53a4569a73b600995a2664f4c3919220 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xB5053 | 72572 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.