Verdict: MALICIOUS
Risk Score: 64

Malware Insights

MITRE ATT&CK: T1566.001 Spearphishing Attachment
ClamAV flags the file with the signature Win.Trojan.Dropper-134, and that detection is the basis of the malicious verdict. The PDF also carries an external URI action pointing to http://www.foo.be/, which is the destination a viewer would open if the action is triggered. No JavaScript or other scripts were extracted, so the remaining evidence is structural: a URI action in a document of this kind suggests an attempt to send the user to an external site, possibly for further exploitation or malware delivery. Note that the extracted URL is not itself a detection (see the per-URL labels under Heuristics); without the ClamAV signature, the URI action alone would only be an informational finding.
Machine Learning
- Nyx PDF Classifier: clean score 0.1171
Heuristics (3)
- ClamAV: Win.Trojan.Dropper-134 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Win.Trojan.Dropper-134
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - http://www.foo.be/
  - http://www.gitorious.org/~adulau
Extracted artifacts (3)
Files carved from inside the sample during analysis.
| Filename | SHA-256 | Kind | Source | Size |
|---|---|---|---|---|
| font_00_cff_off00003d8a.bin | 09e18e495b68106a55aace3f441183e73b28de0f6fbcb0af0b76d08e38de00da | pdf-font-stream | PDF embedded font (cff) at offset 0x3D8A | 15636 bytes |
| font_01_sfnt_off00007386.bin | 1bbf8d898c7de34b2ed1bfb68d2725a06e3c5e09957aee601794b4fe88adb9f4 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7386 | 13054 bytes |
| font_02_cff_off00009b0d.bin | 81cd2ec160f0dbbfecf3a7282aa50fb69c8be6a3e42aa5a6d27c573cc7517a2e | pdf-font-stream | PDF embedded font (cff) at offset 0x9B0D | 7529 bytes |
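The two findings above (the URI-action heuristic and the carved font streams) can be reproduced with a small standalone script. The following is an added example, not the analyzer's code and not derived from the sample itself: it builds a constructed PDF in memory (`SAMPLE_PDF`, with one link annotation carrying a literal-string `/URI`, one `/OpenAction` carrying a hex-string `/URI`, a raw CFF font stream and a Flate-compressed sfnt font stream), then extracts every `/S /URI` action and carves every stream whose decoded bytes start with a CFF or sfnt header, reporting the same fields the artifact table uses (kind, file offset, size, SHA-256). The object scanner is regex-based and assumes uncompressed object dictionaries; a real analyzer would also walk object streams (`/ObjStm`) and cross-reference streams.

```python
import hashlib
import re
import zlib

# Constructed sample (not the analysed file). Font bodies are minimal headers
# padded with zeros: CFF = major 1, minor 0, hdrSize 4, offSize 1; sfnt = v1.0.
CFF_FONT = b"\x01\x00\x04\x01" + b"\x00" * 28
SFNT_FONT = b"\x00\x01\x00\x00" + b"\x00" * 28

def _obj(num, body):
    return b"%d 0 obj\n" % num + body + b"\nendobj\n"

def _stream(num, extra_dict, data):
    return _obj(num, b"<< /Length %d %s >>\nstream\n" % (len(data), extra_dict)
                + data + b"\nendstream")

SAMPLE_PDF = (
    b"%PDF-1.4\n"
    + _obj(1, b"<< /Type /Catalog /Pages 2 0 R /OpenAction 5 0 R >>")
    + _obj(2, b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>")
    + _obj(3, b"<< /Type /Page /Parent 2 0 R /Annots [4 0 R] >>")
    + _obj(4, b"<< /Type /Annot /Subtype /Link /Rect [0 0 100 100] "
              b"/A << /S /URI /URI (http://www.foo.be/) >> >>")
    # Hex-string form of the same kind of action; writers use it to dodge grep.
    + _obj(5, b"<< /S /URI /URI <"
              + b"http://www.gitorious.org/~adulau".hex().encode() + b"> >>")
    + _stream(6, b"/Subtype /Type1C", CFF_FONT)
    + _stream(7, b"/Filter /FlateDecode", zlib.compress(SFNT_FONT))
    + b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"
)

OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.S)
URI_STR_RE = re.compile(
    rb"/URI\s*(?:\((?P<lit>(?:\\.|[^\\)])*)\)|<(?P<hex>[0-9A-Fa-f\s]*)>)", re.S)
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)

def decode_literal(raw):
    """Unescape a PDF literal string: \\\\, \\(, \\), \\n, \\r, \\t and octal \\ddd."""
    out, i = bytearray(), 0
    while i < len(raw):
        c = raw[i]
        if c == 0x5C and i + 1 < len(raw):          # backslash escape
            i += 1
            if chr(raw[i]) in "01234567":
                j = i
                while j < len(raw) and j - i < 3 and chr(raw[j]) in "01234567":
                    j += 1
                out.append(int(raw[i:j], 8) & 0xFF)
                i = j
                continue
            out.append({0x6E: 0x0A, 0x72: 0x0D, 0x74: 0x09}.get(raw[i], raw[i]))
        else:
            out.append(c)
        i += 1
    return bytes(out)

def extract_uri_actions(pdf):
    """Return (object number, URL) for every /S /URI action, literal or hex form."""
    hits = []
    for m in OBJ_RE.finditer(pdf):
        body = m.group(3)
        if not re.search(rb"/S\s*/URI\b", body):
            continue
        for u in URI_STR_RE.finditer(body):
            if u.group("lit") is not None:
                url = decode_literal(u.group("lit"))
            else:
                h = re.sub(rb"\s", b"", u.group("hex"))
                if len(h) % 2:
                    h += b"0"                        # PDF pads an odd trailing nibble with 0
                url = bytes.fromhex(h.decode("ascii"))
            hits.append((int(m.group(1)), url.decode("latin-1")))
    return hits

def classify_font(data):
    """Identify a font container by its leading bytes: sfnt (TrueType/OpenType) or CFF."""
    if data[:4] in (b"\x00\x01\x00\x00", b"true", b"OTTO", b"ttcf"):
        return "sfnt"
    if len(data) >= 4 and data[:2] == b"\x01\x00" and data[2] >= 4 and 1 <= data[3] <= 4:
        return "cff"
    return None

def carve_font_streams(pdf):
    """Carve every stream whose (Flate-decoded if needed) bytes look like a font."""
    found = []
    for m in OBJ_RE.finditer(pdf):
        body = m.group(3)
        s = STREAM_RE.search(body)
        if not s:
            continue
        data, offset = s.group(1), m.start(3) + s.start(1)
        if re.search(rb"/Filter\s*/FlateDecode", body):
            try:
                data = zlib.decompress(data)
            except zlib.error:
                continue                             # corrupt stream: skip, do not crash
        kind = classify_font(data)
        if kind:
            found.append({"object": int(m.group(1)), "kind": kind, "offset": offset,
                          "size": len(data), "sha256": hashlib.sha256(data).hexdigest(),
                          "filename": "font_%02d_%s_off%08x.bin" % (len(found), kind, offset)})
    return found

if __name__ == "__main__":
    for num, url in extract_uri_actions(SAMPLE_PDF):
        print("obj %d: URI action -> %s" % (num, url))
    for f in carve_font_streams(SAMPLE_PDF):
        print("%s  %s  offset 0x%X  %d bytes  %s" % (f["filename"], f["kind"], f["offset"], f["size"], f["sha256"]))
```

The offset reported for a Flate-compressed stream is where the compressed bytes sit in the file, while the size and hash describe the decoded font, which is the combination an analyst needs to both locate and re-carve the artifact. On the real sample the interesting check is the `/OpenAction` path: a `/URI` action reachable from the catalog fires without any click, which is why the report treats the external URI as more than a passive link.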