MALICIOUS
Risk Score: 94
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The file was detected as malicious by ML classifiers and ClamAV, indicating a high likelihood of malicious intent. The PDF contains embedded URLs that likely lead to the download of a second-stage payload. The presence of these URLs and the overall detection score strongly suggest a phishing or malware distribution scheme.
Machine Learning
- Nyx PDF Classifier malicious score 0.8422
Heuristics 3
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000ec7d.bin 08834c8d4b7ea27b6d1254bca4ab695a6c2fb5e23790165ba5495e5ea0c9feee | pdf-font-stream | PDF embedded font (sfnt) at offset 0xEC7D | 5652 bytes |