MALICIOUS
Risk Score: 70
Malware Insights
MITRE ATT&CK: T1059.001 PowerShell
The file was detected by ClamAV as Pdf.Malware.Agent-9793827-0. The document body contains multiple links, including a primary external URI pointing to 'http://uncpbisdegree.com/download3.php?q=wabco-trailer-abs-wiring-diagram.pdf', which is likely a lure for downloading malicious content. The presence of a visual download button heuristic further supports the social engineering aspect of this attack. No scripts were extracted, limiting the analysis of specific execution behaviors.
Heuristics 4
- ClamAV: Pdf.Malware.Agent-9793827-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Malware.Agent-9793827-0
- Visual download / call-to-action button lure (low, SE_DOWNLOAD_BUTTON): Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.); low-signal unless other findings point to a malicious workflow
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: http://uncpbisdegree.com/download3.php?q=wabco-trailer-abs-wiring-diagram.pdf
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00004710.bin 3493ad9054981b428e9da0ae3f0b1660416d06d089cb3c16e54541f824b7b048 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x4710 | 10100 bytes |
| font_01_sfnt_off0000673e.bin 200465f0bfc9ba18c89af3d2921854952a41f1f10f0dbfb941454ed0f00f0e89 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x673E | 7220 bytes |