Verdict: MALICIOUS
Risk Score: 94
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The file was flagged as malicious by both ClamAV and the Nyx PDF classifier, and it carries external URL actions. The primary link target, 'https://golowaki.ru/strik?utm_term=contrato+de+arrendamiento+de+vivienda+en+word+mexico', uses a Spanish-language rental-contract lure (the utm_term parameter reads "contrato de arrendamiento de vivienda en word mexico", i.e. "residential lease contract in Word, Mexico"). No script was extracted from the document, so the T1059.007 (JavaScript) mapping is not corroborated by the heuristics below; what the structure and link targets do show is an attempt to send the reader to an attacker-controlled page, most likely for credential harvesting or follow-on payload delivery.
Machine Learning
- Nyx PDF Classifier malicious score 0.9231
Heuristics (3)
- ClamAV [critical, CLAMAV_DETECTION]: ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI [info, PDF_URI]: PDF contains an external URL action.
- Embedded URL [info, EMBEDDED_URL]: One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted URLs:
- https://golowaki.ru/strik?utm_term=contrato+de+arrendamiento+de+vivienda+en+word+mexico
- http://gisoboxizaza.mygamesonline.org/21971304523.pdf
- https://cdn.sqhk.co/pazakazagoz/Wjfhfjf/pandora_x_star_wars_uk.pdf
- https://cdn-cms.f-static.net/uploads/4454435/normal_601878975869d.pdf
- https://cdn.sqhk.co/wigalefu/o01zja0/23052381989.pdf
- https://cdn.sqhk.co/metajewamiva/0ifQoih/3871468932.pdf
- https://static.s123-cdn-static.com/uploads/4372955/normal_5ffd509117e26.pdf
- https://cdn-cms.f-static.net/uploads/4385231/normal_603e540762bec.pdf
- https://cdn.sqhk.co/durotula/DjbXQie/world_war_1_us_entry.pdf
- https://cdn.sqhk.co/mamevugixej/hgwbCjj/jebaronade.pdf
- https://cdn.sqhk.co/zojixemem/jbR37hi/36291566607.pdf
- https://cdn-cms.f-static.net/uploads/4459028/normal_606c9ff0ab73e.pdf
- https://cdn.sqhk.co/kewixoretuze/Mvgjfgf/disugufowolilogosutiveza.pdf
- https://cdn.sqhk.co/zedozomi/YggHjhx/collins_human_body_fascinating_facts.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://s3.amazonaws.com/wotodedaruzuk/100372311.pdf
- https://s3.amazonaws.com/wemazun/30645978395.pdf
- https://s3.amazonaws.com/nefagolom/breakout_edu_digital_escape_to_earth_answers.pdf
- https://s3.amazonaws.com/setaxilitozuko/dasusitegomutusopi.pdf
- https://s3.amazonaws.com/pesetufavo/descargar_los_cinco_lenguajes_del_amor_gary_chapman.pdf
- https://s3.amazonaws.com/daselex/rexaxezojuvolipuxaxewukop.pdf
- http://sopexalibip.onlinewebshop.net/sowilukezizo.pdf
- https://s3.amazonaws.com/wewuxuviwar/run_android_emulator_without_android_studio.pdf
- https://s3.amazonaws.com/zetubakuz/noxajufafinejo.pdf
- https://s3.amazonaws.com/vokeri/beowulf_full_movie_hd_free_download.pdf
- https://savannah.gnu.org/projects/freefont/
- http://www.gnu.org/licenses/
- http://www.gnu.org/copyleft/gpl.html
- http://scripts.sil.org/OFL
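The per-URL channel labels the Embedded URL heuristic refers to are what separate a clickable lure from incidental text: several entries above (savannah.gnu.org/projects/freefont, the gnu.org licence pages, scripts.sil.org/OFL, ascendercorp.com) look like the licence and vendor strings that embedded fonts carry, consistent with the four sfnt fonts carved from this sample, whereas a /URI action on a link annotation is something the reader can actually click. The script below is an added example, not part of this report or of the analyzer; it labels each URL in a PDF as reached through a /URI action or as a plain body string (including inside FlateDecode streams), decodes both literal and hex PDF string forms, and notes script-related keys so that a "no script extracted" claim can be checked. The sample PDF, its URLs (lure.example, hex.example, plain.example) and the helper names are all constructed for the example.

```python
"""Label the channel each URL in a PDF was reached through, the way the
per-URL labels of the Embedded URL heuristic do: a /URI action is a
clickable link target; a URL that is merely text in a stream (page
content, font metadata) is a body string. The sample PDF is constructed
inline (it is not the analysed file) and nothing is fetched."""
import re
import zlib
from collections import defaultdict

# Generic URL shape. Backslash is excluded so a PDF escape ends the match.
URL_RE = re.compile(rb"https?://[A-Za-z0-9._~:/?#\[\]@!$&'()*+,;=%-]+")
# /URI key followed by a literal string (...) or a hex string <...>.
# Balanced unescaped parentheses inside a literal are not handled here.
URI_ACTION_RE = re.compile(rb"/URI\s*(?:\(((?:\\.|[^\\)])*)\)|<([0-9A-Fa-f\s]*)>)", re.S)
# Stream dictionaries with a direct integer /Length; indirect lengths
# ("5 0 R") and nested dictionaries need a real parser (pikepdf, pdfminer).
STREAM_RE = re.compile(rb"/Length\s+(\d+)[^>]*>>\s*stream\r?\n")
# Keys that would indicate script or auto-run behaviour.
SCRIPT_RE = re.compile(rb"/(JavaScript|JS|OpenAction|AA|Launch)\b")


def unescape_literal(lit: bytes) -> bytes:
    """Resolve PDF literal-string escapes: \\( \\) \\\\ \\n \\r \\t, \\ddd octal,
    and a backslash-newline line continuation (which is dropped)."""
    def repl(m):
        s = m.group(1)
        if s[:1] in b"01234567":
            return bytes([int(s, 8) & 0xFF])
        if s in (b"\n", b"\r"):
            return b""
        return {b"n": b"\n", b"r": b"\r", b"t": b"\t"}.get(s, s)
    return re.sub(rb"\\([0-7]{1,3}|.)", repl, lit, flags=re.S)


def decode_pdf_string(lit, hexs) -> str:
    """Decode whichever string form the /URI regex captured."""
    if hexs is not None:
        h = re.sub(rb"\s", b"", hexs)
        if len(h) % 2:            # odd digit count: the spec assumes a trailing 0
            h += b"0"
        return bytes.fromhex(h.decode("ascii")).decode("latin-1")
    return unescape_literal(lit).decode("latin-1")


def views_of(data: bytes):
    """Yield the raw file, then every stream body that inflates as zlib."""
    yield data
    for m in STREAM_RE.finditer(data):
        body = data[m.end(): m.end() + int(m.group(1))]
        try:
            yield zlib.decompress(body)
        except zlib.error:
            pass  # uncompressed or non-Flate stream: already visible in the raw view


def triage_pdf_urls(data: bytes) -> dict:
    """Return {'urls': {url: [channels]}, 'script_indicators': [keys]}."""
    channels = defaultdict(set)
    scripts = set()
    for view in views_of(data):
        spans = []
        for m in URI_ACTION_RE.finditer(view):
            spans.append((m.start(), m.end()))
            channels[decode_pdf_string(m.group(1), m.group(2))].add("uri_action")
        for m in URL_RE.finditer(view):
            # Skip the raw, still-escaped form of a /URI string recorded above.
            if any(s <= m.start() < e for s, e in spans):
                continue
            channels[m.group(0).decode("latin-1")].add("body_string")
        scripts.update(t.decode() for t in SCRIPT_RE.findall(view))
    return {"urls": {u: sorted(c) for u, c in channels.items()},
            "script_indicators": sorted(scripts)}


def build_sample_pdf() -> bytes:
    """Constructed stand-in for the analysed document (not the real sample)."""
    lure = b"https://lure.example/track?q=\\(promo\\)"      # escaped parens in a literal
    hex_url = b"https://hex.example/p".hex().encode()         # same key, hex-string form
    font_meta = zlib.compress(b"FreeFont metadata: licence at http://www.gnu.org/licenses/ applies")
    content = b"BT /F1 12 Tf (Visit https://plain.example/info for the contract) Tj ET"
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Annots [4 0 R 5 0 R] /Contents 6 0 R >>",
        b"<< /Type /Annot /Subtype /Link /Rect [72 700 300 720] /A << /S /URI /URI (" + lure + b") >> >>",
        b"<< /Type /Annot /Subtype /Link /Rect [72 650 300 670] /A << /S /URI /URI <" + hex_url + b"> >> >>",
        b"<< /Length %d >>\nstream\n" % len(content) + content + b"\nendstream",
        b"<< /Length %d /Filter /FlateDecode >>\nstream\n" % len(font_meta) + font_meta + b"\nendstream",
    ]
    out = b"%PDF-1.4\n"
    for i, body in enumerate(objs, 1):
        out += b"%d 0 obj\n" % i + body + b"\nendobj\n"
    return out + b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"


if __name__ == "__main__":
    import json
    print(json.dumps(triage_pdf_urls(build_sample_pdf()), indent=2))
```

Run against a real file with `triage_pdf_urls(open(path, "rb").read())`. Only the `uri_action` entries are targets a reader can reach by clicking; `body_string` hits such as the gnu.org licence URL in the compressed font stream are the kind of noise the report's "the URL itself is not a detection" note is warning about. An empty `script_indicators` list is the quick check behind a "no scripts extracted" statement; a non-empty one means the /JavaScript, /OpenAction or /Launch objects deserve a closer look with a full parser.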
Extracted artifacts (4)
Files carved from inside the sample during analysis.
| Filename | Hash | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off00011ac6.bin | 127b44c9f93874c96d25eb7ddc4688780d8877ce931cf296363fb5748d8d514b | pdf-font-stream | PDF embedded font (sfnt) at offset 0x11AC6 | 6744 bytes |
| font_01_sfnt_off00012b7c.bin | 013fc9f45313cdddd5762e6694753e55f6a85ad2eec225b6e17fd140af1ee5c7 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x12B7C | 2952 bytes |
| font_02_sfnt_off0001360b.bin | f28ea2ba3ab4e1b9d091fd4c676fbdc349be69e7993e123cfe4c92ad2f6d8c7b | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1360B | 5000 bytes |
| font_03_sfnt_off000146fd.bin | 32cdd3c113acefcc26b2bce4c299216f22c77bed659d931aedc0289a1639499a | pdf-font-stream | PDF embedded font (sfnt) at offset 0x146FD | 3208 bytes |