Verdict: MALICIOUS
Risk Score: 94
Malware Insights
MITRE ATT&CK:
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The file is a PDF containing an embedded URL that points to a suspicious domain, identified as malicious by ClamAV and ML classifiers. The document body, though heavily obfuscated, contains references to 'Twitter icon emoji copy and paste' and 'wkhtmltopdf', suggesting a lure to a potentially malicious website. The presence of an external URI and the high risk score indicate a phishing or malware distribution attempt.
Machine Learning
- Nyx PDF Classifier malicious score 0.9278
Heuristics (3)
- ClamAV (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI (info, PDF_URI): PDF contains an external URL action.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://smidgel.ru/pbw?utm_term=twitter+icon+emoji+copy+and+paste
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Hash | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off0000e328.bin | 688519d419593ed6cb0df973af2feb6d95fd5344a90edc2c9dc410217fb02cac | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE328 | 5408 bytes |
| font_01_sfnt_off0000f58c.bin | 117681707ab76b828198cedd68591eb5353b1624bb2cdc55751d78108be00901 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF58C | 13108 bytes |