MALICIOUS
Risk Score: 94
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
A heuristic fired on this PDF for an external URI that points to a suspicious domain. The document body, though heavily obfuscated, contains text related to 'bamboo sheets review australia', suggesting a phishing or scam lure. The embedded URL further supports the attack pattern of directing users to a malicious site.
Machine Learning
- Nyx PDF Classifier malicious score 0.8392
Heuristics 3
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://xezojetit.ru/123?utm_term=bamboo+sheets+review+australia
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00012352.bin a606a6dede3b99472d2ac97761204782646b5f75106b48d1abccbe9a99ca9a4c | pdf-font-stream | PDF embedded font (sfnt) at offset 0x12352 | 6440 bytes |
| font_01_sfnt_off00013346.bin d227d47e4b5614327e70a44a37399eae04067fa581b7389ecfeefa0ef2284cfe | pdf-font-stream | PDF embedded font (sfnt) at offset 0x13346 | 5264 bytes |