MALICIOUS
94
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF file contains a heuristic indicating an external URI pointing to a suspicious domain, and ClamAV detection confirms it as a phishing trojan. The document body, though heavily obfuscated, appears to contain text related to a 'Detective Conan episode guide', likely a lure to entice users to click the embedded malicious URL. No scripts were extracted, but the presence of an external URI and the phishing detection strongly suggest a phishing attack.
Machine Learning
- Nyx PDF Classifier malicious score 0.9521
Heuristics 3
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://trafficel.ru/aws?utm_term=detective+conan+episode+guide+list PDF link annotation
- https://kibutabez.weebly.com/uploads/1/3/4/4/134438896/424546.pdfIn PDF document text
- https://baboxubawuxi.weebly.com/uploads/1/3/4/6/134666135/fugaburabulis.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4411926/normal_5fab872c57a0f.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/37f0b51b-6c90-4a76-9b1b-83b7f7d4ad52/z_table.pdfIn PDF document text
- https://static1.squarespace.com/static/5fc5515dea4a794d56626c14/t/5fcd7da63ff1011540082ac5/1607302576169/tamapepapowusodo.pdfIn PDF document text
- https://static1.squarespace.com/static/5fc7aba6778af068263fedd7/t/5fcac80908ddca70c7435bb5/1607125002414/asteroid_warning_2020_nasa.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/4b8ce12f-8374-4ea1-aa2e-d0bdb19c0b60/94361492033.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/ca9125ce-372f-465e-8bb5-47092347c19f/tadaviweduvoz.pdfIn PDF document text
- https://static1.squarespace.com/static/5fc166e5ab79f442f22d24ec/t/5fc96a6c6c318e3cdc579136/1607035501687/relaxing_piano_music_for_sleeping_and_studying.pdfIn PDF document text
- https://static1.squarespace.com/static/5fc0f6bd5687f52b6b817d01/t/5fc1dc1a3570fb44d146d003/1606540325212/what_makes_an_american_and_american_literature.pdfIn PDF document text
- https://static1.squarespace.com/static/5fc5a4096b97992eb57be95c/t/5fc96aab04e7723ed2f964b4/1607035563696/nokavugodudetiramas.pdfIn PDF document text
- https://static1.squarespace.com/static/5fc0c24392c50b1a1e76d225/t/5fc2d698eaf37e3b64fa813a/1606604442555/54823901781.pdfIn PDF document text
- https://static1.squarespace.com/static/5fc0dd9b8ef7301f8b108504/t/5fc190ca61e25426e1734c6c/1606521041307/diane_chamberlain_books_on_kindle.pdfIn PDF document text
- https://static1.squarespace.com/static/5fbce344be7cfc36344e8aaf/t/5fbe00455147b14804f9380a/1606287430246/nova_launcher_prime_5.5.4_apk_mirror.pdfIn PDF document text
- https://static1.squarespace.com/static/5fc33495affbf90a66f9667f/t/5fc54d397acac6192a70d9d6/1606765883359/gajasudewiwisugajuwajujav.pdfIn PDF document text
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
stream_006_off00032624.bin |
decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x32624 | 138432 bytes |
SHA-256: bff95283a59417b9ca1ca94e168aabf0baf4c4eeb8459bc6582f801f40c1c94f |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.