MALICIOUS
Risk Score: 100
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The primary heuristic indicates this PDF is designed as an advance-fee scam, using language related to prizes or parcels to deceive the user. ClamAV detection as Pdf.Dropper.Agent-7266872-0 further confirms its malicious nature. No scripts were extracted, and the document body was unreadable, but the heuristic strongly suggests a social engineering attack.
Machine Learning
- Nyx PDF Classifier clean score 0.0001
Heuristics 2
- ClamAV: Pdf.Dropper.Agent-7266872-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Dropper.Agent-7266872-0
- Advance-fee lottery/parcel scam lure (high, SE_ADVANCE_FEE_SCAM_LURE): Document contains lottery/beneficiary or prize language together with large-value draft/funds wording and parcel/courier delivery requirements. This is a classic advance-fee fraud document shape.
Extracted artifacts 4
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_cff_off00005e72.bin 6c97fa4fffc7debc9a2cda0f03c959490146a726fb2a292e3046cd97eca9fd89 | pdf-font-stream | PDF embedded font (cff) at offset 0x5E72 | 7106 bytes |
| font_01_cff_off000078c3.bin b6b299aedc3313d63ab883acc633f003c543e1dffa333746e6269404279be1fe | pdf-font-stream | PDF embedded font (cff) at offset 0x78C3 | 7338 bytes |
| font_02_sfnt_off0000939a.bin bc2e5a44db84413ef3f491b82dd1664a1e005ab01bbabbcf1831ad81d7390c54 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x939A | 14524 bytes |
| font_03_sfnt_off0000ada0.bin 64acf01811879cd08def5101eb6e06b4789c0b97548dfc4f3fa5b0e6bfaed40a | pdf-font-stream | PDF embedded font (sfnt) at offset 0xADA0 | 13904 bytes |