MALICIOUS
Risk Score: 94
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF document contains heuristics indicating it is malicious and a phishing attempt. It embeds external URIs, including one pointing to 'ponafet.ru', which is likely a command and control server or phishing site. The document's content, though heavily obfuscated, appears to be a lure related to car parts, suggesting a social engineering tactic to drive users to malicious links. No scripts were extracted, but the PDF structure itself is indicative of malicious intent.
Machine Learning
- Nyx PDF Classifier malicious score 0.7832
Heuristics 3
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://ponafet.ru/strik?utm_term=05+jeep+grand+cherokee+headlight+bulb+size
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000e83a.bin ddb25876572644c95a7733ee841c548960799caf84aa81b64f89c3a43d0872aa | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE83A | 5836 bytes |
| font_01_sfnt_off0000fc19.bin cc9d8e5f03ef24a7b874b89b7fb958a5c6d1dedc6fefcd69485e436004948929 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFC19 | 10648 bytes |