MALICIOUS
Risk Score: 94
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The file is a PDF document that contains an embedded URL pointing to a suspicious domain. ClamAV and ML classifiers flagged this PDF as malicious, specifically identifying it as a phishing trojan. The document body, though heavily obfuscated, appears to be related to technical information, likely a pretext to disguise the malicious intent of directing the user to the external URL.
Machine Learning
- Nyx PDF Classifier malicious score 0.8041
Heuristics 3
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (severity: critical, rule: CLAMAV_DETECTION). ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI (severity: info, rule: PDF_URI). PDF contains an external URL action
- Embedded URL (severity: info, rule: EMBEDDED_URL). One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL https://ponafet.ru/wb?keyword=how%20to%20clear%20a%20fault%20on%20micrologix%201500
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0001046b.bin a12e055103ff177541b2b579061e968a6199197fbd2079ddd2a0c650e4844160 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1046B | 5344 bytes |