MALICIOUS
Risk Score: 94
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.8273
Heuristics 3
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - https://synerhu.ru/pbw?utm_term=satyanarayana+biochemistry+pdf+5th+edition (PDF link annotation)
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000dba7.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xDBA7 | 5832 bytes |

SHA-256: 177ee2873e7d02c44605c5327258fc6d78c153ad52ce646edec9f639395b319b