MALICIOUS
Risk Score: 94
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.8022
Heuristics 3
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
- https://oniceh.ru/pbw?utm_term=comfort+zone+psychology+pdf (PDF link annotation)
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00010914.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10914 | 5416 bytes |

SHA-256: a775c1f660a3d8331e424e492503416aba72755ec5ca8a75d733470332270036