Verdict: MALICIOUS (Risk Score 94)
Malware Insights
MITRE ATT&CK:
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The PDF file was flagged by multiple heuristics, including a machine learning classifier and ClamAV, indicating malicious content. The embedded URL points to a suspicious PDF file hosted on a compromised website, likely intended to trick the user into downloading a malicious application. No scripts were extracted, but the presence of embedded URLs and the overall detection suggest a phishing or malware distribution attempt.
Machine Learning
- Nyx PDF Classifier malicious score 0.9522
Heuristics (3)
- ClamAV (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. Extracted URLs:
- https://xlux.vn/wp-content/plugins/super-forms/uploads/php/files/tejp2s3fo78bvtgvhl4gm151eo/93961126527.pdf
- https://www.hdontheroadnapoli.it/wp-content/plugins/formcraft/file-upload/server/content/files/16087b13e6a320---dadidim.pdf
- https://pyhm.ca/wp-content/plugins/super-forms/uploads/php/files/qnrf8g363mbnsbhhhahmijf8i7/6845166852.pdf
- http://freemansphotography.com/wp-content/plugins/formcraft/file-upload/server/content/files/1608f5120a5450---refifoweje.pdf
- http://www.cargeacrew.com.br/wp-content/plugins/formcraft/file-upload/server/content/files/160851f952b5a7---39699513510.pdf
- http://atdawnwelift.com/userfiles/file/dezevimodibujupudisur.pdf
- http://kennyre.com/wp-content/plugins/formcraft/file-upload/server/content/files/16090527b3d0d1---71717716974.pdf
- http://stylist.in.ua/wp-content/plugins/formcraft/file-upload/server/content/files/160926e1493a74---juxivo.pdf
- https://allianceflooring.net/wp-content/plugins/super-forms/uploads/php/files/ec20eec2508005e6551fe7a12176c147/844803527.pdf
- https://sellos-mecanicos.com/wp-content/plugins/super-forms/uploads/php/files/1322b7551848f98e8084d7bc16dc21a9/33928729970.pdf
- http://fouladsazanco.com/Upload/file/55443583686.pdf
- http://www.investing-in-women.com/wp-content/plugins/formcraft/file-upload/server/content/files/1606f8543cce0f---kasatot.pdf
- http://accessiblevehicleservices.com/userfiles/file/petanokijanonezadejonekak.pdf
- http://kaufdeinauto.de/wp-content/plugins/formcraft/file-upload/server/content/files/160703eb838788---37441404582.pdf
- http://www.yourhealthyourchoice.org/wp-content/plugins/formcraft/file-upload/server/content/files/16098fa8f9a605---1217448837.pdf
- http://raunlarose.us/wp-content/plugins/formcraft/file-upload/server/content/files/160a00db87f5fa---mekuronojim.pdf
- https://suemsas.com/wp-content/plugins/super-forms/uploads/php/files/vq4hmahabfdo9q0mhkflpau8v5/duwelibinetavunojowaduz.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://feedproxy.google.com/~r/Uplcv/~3/cv9VXjIrmdE/uplcv?utm_term=download+pixel+gun+3d+fps+shooter+%2526+battle+royale+mod+apk
- http://scripts.sil.org/OFL
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | SHA-256 | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off0000cbdc.bin | a698e80f72089c6137a1a806068c8c09140a1b57e6fb219ef7b695591b059038 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xCBDC | 5628 bytes |
| font_01_sfnt_off0000df1a.bin | 12856e2a8419ee26cf17265701ada4e06c644cbb697466eb1b676e57e57d630a | pdf-font-stream | PDF embedded font (sfnt) at offset 0xDF1A | 1956 bytes |