MALICIOUS (Risk Score: 64)
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The file is identified as malicious by ClamAV with a signature indicating phishing and trojan activity. It contains multiple embedded URLs, one of which, https://jacksth.ru/award?keyword=buckley+v+valeo+pdf, is directly flagged as an external URI. The document body, though heavily obfuscated, suggests a lure related to a legal case or award, aligning with phishing tactics. No scripts were extracted, but the presence of multiple suspicious URLs points towards a phishing or malware distribution attempt.
Machine Learning
- Nyx PDF Classifier suspicious score 0.3408
Heuristics 3
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 [critical, CLAMAV_DETECTION]: ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI [info, PDF_URI]: PDF contains an external URL action
- Embedded URL [info, EMBEDDED_URL]: One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://jacksth.ru/award?keyword=buckley+v+valeo+pdf
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00011564.bin f78e2af0fc207f5c500fdd2967e2b8b19399daa1a0ebddb1335afe54ffd45d47 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x11564 | 4796 bytes |
| font_01_sfnt_off000125d3.bin f91fbc0146a1abf2288e750b668e9667ccf1d6e316e59cb913c3d2084b6d34f8 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x125D3 | 11528 bytes |
| font_02_sfnt_off00014d14.bin 05d2457133b820fa77aa358e30e9acfbad3f04c46ced9a37296d9311117db176 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x14D14 | 4324 bytes |