MALICIOUS
Risk Score: 94
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The file is a PDF that masquerades as sheet music, likely to trick users into downloading further malicious content. The presence of multiple embedded URLs pointing to PDF files on various domains suggests a phishing or malware distribution campaign. ClamAV and ML classifiers also flagged this file as malicious.
Machine Learning
- Nyx PDF Classifier malicious score 0.8702
Heuristics 3
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000e78d.bin d42655af5e12b35548643a0e5884bfd9614a5e49365c2c5444bd9599d335c00a | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE78D | 5220 bytes |