Risk Score: 94 (MALICIOUS)
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The file is a PDF document that contains an embedded URI pointing to a suspicious domain; the heuristics flag it as potentially malicious (phishing/trojan). The document body, though heavily obfuscated, suggests a lure on programming topics intended to entice users into clicking the malicious link. No scripts were extracted, but the presence of external URIs together with the ML and ClamAV detections indicates a high likelihood of malicious intent, most likely to download a second-stage payload.
Machine Learning
- Nyx PDF Classifier: malicious score 0.6739
Heuristics (3)
- ClamAV (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URLs extracted from the document:
- https://bologen.ru/award?keyword=dos+assembly+language+programming+pdf
- https://cdn-cms.f-static.net/uploads/4498404/normal_603e6131d17eb.pdf
- http://boevoenlp.com/84363537589lifao.pdf
- http://verefdliyvtorogo.xyz/wofazamogapofedwvzd.pdf
- http://futegejetebe.22web.org/calacatta_marble_formica_laminate.pdf
- http://ruzazeruduzelu.22web.org/ruwanaxu.pdf
- https://cdn-cms.f-static.net/uploads/4384468/normal_60132967ec9dd.pdf
- https://cdn-cms.f-static.net/uploads/4498997/normal_603576e77859a.pdf
- https://cdn-cms.f-static.net/uploads/4486763/normal_60144ae74f992.pdf
- https://cdn-cms.f-static.net/uploads/4460255/normal_6029a2bde70cc.pdf
- https://cdn-cms.f-static.net/uploads/4459636/normal_6019673b62d94.pdf
- https://cdn-cms.f-static.net/uploads/4409000/normal_6063ee15e8490.pdf
- https://cdn-cms.f-static.net/uploads/4381091/normal_602a9ddbefd6e.pdf
- http://photoforce.ru/are_basketball_shoes_good_for_running_on_treadmillx0vx0.pdf
- http://bilkan.fun/24044687719win9i.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://uploads.strikinglycdn.com/files/29e1d65f-ab8f-4e9c-9c45-8b3019961316/35523024955.pdf
- http://tibilekozox.epizy.com/best_jquery_plugins_free.pdf
- https://uploads.strikinglycdn.com/files/6c97516e-caa1-41f1-a0b0-379a21d2f875/acura_rl_transmission_problems.pdf
- http://gozudivigel.epizy.com/95924958256.pdf
- https://uploads.strikinglycdn.com/files/1489384e-bd6b-4d62-8973-4edbfe4ee8e1/gekajatofojizar.pdf
- https://uploads.strikinglycdn.com/files/68078551-1843-4663-af24-056c90083935/brain_teaser_puzzle_books_for_adults.pdf
- http://gametusepezuka.rf.gd/61687613648.pdf
- http://dagepirobalov.epizy.com/extrato_gliclico_de_barbatimo.pdf
- https://uploads.strikinglycdn.com/files/766c807c-9780-49e4-b016-6325f32f8b44/wings_of_fire_book_graphic_novel.pdf
- http://legujajojozete.epizy.com/hunter_hayes_i_want_crazy_song.pdf
- http://scripts.sil.org/OFL
Extracted artifacts (3)
Files carved from inside the sample during analysis.
| Filename | SHA-256 | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off0001135a.bin | 403effb9c3c639814c148cac1e498e74bf8eb2f2dc2f9263a666fdeaf4abcb47 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1135A | 4016 bytes |
| font_01_sfnt_off00012187.bin | b8adfd73765ff9898b0e6385c23d9e2eaa964348369a0a1dbba0c89806f7a9f2 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x12187 | 5600 bytes |
| font_02_sfnt_off00013481.bin | b7e741e0d0854f462af2005f626df9d34416e388f17856ccc6ad3c5436cf9c4b | pdf-font-stream | PDF embedded font (sfnt) at offset 0x13481 | 12044 bytes |