MALICIOUS
Risk Score: 64
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The file is identified as malicious by ClamAV with a specific signature indicating it is a phishing trojan. The PDF contains an embedded URI pointing to a suspicious domain, which is a common tactic for phishing or distributing further malicious content. While no scripts were extracted, the presence of the embedded URI and the ClamAV detection strongly suggest a malicious intent to redirect the user to a harmful site.
Machine Learning
- Nyx PDF Classifier suspicious score 0.4269
Heuristics 3
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - URL: https://pelibifir.ru/strik?utm_term=the+burning+bridge+poul+anderson (PDF link annotation)
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0001735b.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1735B | 5548 bytes | a3414052aa6def4eea0fbb6e8872a7e41b233263c98831db8b7021c94fde6a28 |
| font_01_sfnt_off00018675.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x18675 | 5308 bytes | 3d82b0fcd6cc1c6dd6188c36990b6b0e4df6069810023ce1e60f921c2eedccc8 |
| font_02_sfnt_off00019870.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x19870 | 15524 bytes | dd568d4372edfc22a7cd7973e861d8cfe5e47da6371cf96288743e0e3fdab06b |