Verdict: MALICIOUS
Risk Score: 84
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The file is identified as malicious by ClamAV, indicating it's a Pdf.Phishing.Trojan. It contains embedded URIs, one of which points to a raw IP address on a compromised web server, likely serving as a download source for the malware. The presence of a Google feed-like URL is a common lure tactic in phishing campaigns.
Machine Learning
- Nyx PDF Classifier suspicious score 0.3790
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Clickable URI points to raw IP address (medium, PDF_URI_IP_LITERAL): PDF contains a clickable HTTP(S) action whose host is a literal IPv4 address. Legitimate documents normally link to named domains; raw-IP destinations are common in disposable phishing and malware-delivery infrastructure.
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - http://xboxheerlen.nl/userfiles/file/13723911860.pdf (In PDF document text)
  - http://huile-de-nigelle.info/userfiles/file/diniwinomudo.pdf (In PDF document text)
  - http://104.156.58.56/~web2inbox/wp-content/plugins/formcraft/file-upload/server/content/files/160801747a47c3---ruxafut.pdf (PDF link annotation)
  - http://global-gypsum.com/wp-content/plugins/formcraft/file-upload/server/content/files/16084a6148504e---15490985232.pdf (In PDF document text)
  - https://cometsecurity.in/admin/userfiles/file/2572114547.pdf (In PDF document text)
  - https://feedproxy.google.com/~r/Uplcv/~3/BkSY9tpko7c/uplcv?utm_term=law+of+chemical+periodicity (PDF link annotation)