MALICIOUS
94
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The file was detected as malicious by ML classifiers and ClamAV, specifically identified as a phishing trojan. It contains multiple embedded URLs pointing to PDF files hosted on various domains, suggesting a phishing campaign. The document body is heavily obfuscated and appears to be metadata rather than user-readable content, reinforcing the malicious intent.
Machine Learning
- Nyx PDF Classifier malicious score 0.8297
Heuristics 3
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://inclinedigital.com/wp-content/plugins/formcraft/file-upload/server/content/files/160884efc578ec---vudunufobugetekivit.pdf
- https://www.sblending.com.au/wp-content/plugins/formcraft/file-upload/server/content/files/1608b4fc6243f6---zamopelelobelazimepib.pdf
- https://husvagnsexpo.se/wp-content/plugins/formcraft/file-upload/server/content/files/16085d5b87e3ae---rosiwezufamumiduf.pdf
- https://www.isgs.org/wp-content/plugins/super-forms/uploads/php/files/4557ae89ea9f1ae244c538de6d4fd147/rajipusudibod.pdf
- http://www.drop-lok.com/wp-content/plugins/formcraft/file-upload/server/content/files/16071994e3702d---vusubogunomesezidapafu.pdf
- https://nationalcardsolutions.com/wp-content/plugins/formcraft/file-upload/server/content/files/16072fe21e2295---bofeg.pdf
- http://www.loockuniformes.com.br/home/wp-content/plugins/formcraft/file-upload/server/content/files/1607600874dffb---munutoxugibekatafukebegi.pdf
- https://realestateconnect.us/wp-content/plugins/super-forms/uploads/php/files/b8gqcp3lo5ccndp32ghl8g79u2/bexemokofixodefewixugete.pdf
- http://www.victorian-manor.co.za/wp-content/plugins/formcraft/file-upload/server/content/files/1607bfbb37f94b---52576639891.pdf
- https://tigercabinetry.com/wp-content/plugins/super-forms/uploads/php/files/c1e046798eb636fb96245ec9e1624a3d/26333393527.pdf
- http://www.iso-clean.fr/wp-content/plugins/formcraft/file-upload/server/content/files/16081c4b44e4ff---ruluxipitituxujuza.pdf
- https://www.waterlooarmsnewforest.co.uk/wp-content/plugins/super-forms/uploads/php/files/b87b9024b8fb6abf683a90c312303871/1745662747.pdf
- http://rethabise.co.za/wp-content/plugins/formcraft/file-upload/server/content/files/1606d6a9bdd01f---fuxasozosupenasibit.pdf
- https://diversified-nj.com/wp-content/plugins/super-forms/uploads/php/files/c6023b2aa7876473df2c8b22dc741adb/kiwexaterij.pdf
- https://mandalaconfeccao.com.br/wp-content/plugins/formcraft/file-upload/server/content/files/160894e671493e---15084032970.pdf
- https://www.straightmyteeth.eu/wp-content/plugins/super-forms/uploads/php/files/cb06a466bfed5e0f93c2fa65e4474ed8/45101018977.pdf
- http://veronicanealhome.com/wp-content/plugins/formcraft/file-upload/server/content/files/2/1607d00fe2434c---34709687720.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://feedproxy.google.com/~r/skout/mBVl/~3/DOqCt-cVA4I/uplcv?utm_term=materiales+phillips+pdf
- http://scripts.sil.org/OFL
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00011dd1.bin395fa7aac881161a58fb63861ab0f9497160132459ccd89f8e277fd2037d8e8b |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x11DD1 | 5136 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.