CLEAN
Risk Score: 6
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The primary heuristic indicates this PDF is an advance-fee scam, using language related to lotteries, prizes, or parcels to trick the user. While no scripts were extracted, the presence of an external URI pointing to a legitimate-looking site suggests a potential attempt to gather information or redirect the user. The overall structure and content align with common phishing and social engineering tactics.
Machine Learning
- Nyx PDF Classifier clean score 0.0023
Heuristics 3
- External URI [info] PDF_URI: PDF contains an external URL action.
- Suspicious extracted artifact [info] EXTRACTED_FILE_STATIC_TRIAGE: One or more files extracted from inside this sample matched static suspicious-content checks such as script obfuscation, encoded payload blobs, packed data, or execution/download terms.
- Embedded URL [info] EMBEDDED_URL: One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 7
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_cff_off000035ac.bin | pdf-font-stream | PDF embedded font (cff) at offset 0x35AC | 8627 bytes | 63dd0a28db969202e0147f0d267c0e028e280657ba0fe7f8df6480ed95a3eb58 |
| font_01_cff_off00004f43.bin | pdf-font-stream | PDF embedded font (cff) at offset 0x4F43 | 5225 bytes | bb6c770008b2634afc6cb40fbfb680f98b010b62275df8b16681913d1d554e7c |
| font_02_cff_off00005fe9.bin | pdf-font-stream | PDF embedded font (cff) at offset 0x5FE9 | 4964 bytes | 69b29db008e2235f1e05c4aa1332ce9020d59d5d6e5fb5292bb85592088f4fcd |
| font_03_cff_off00013f6b.bin | pdf-font-stream | PDF embedded font (cff) at offset 0x13F6B | 1988 bytes | cb63493004e1bba9b41b989ecf55713ecaa5e445e90eafac4d7f34631486f720 |
| font_04_cff_off0007c8a6.bin | pdf-font-stream | PDF embedded font (cff) at offset 0x7C8A6 | 1771 bytes | fc3238b0ee0b25f1e2e7462567da0d4bb77c9a40e44da05ea6877f2d2ecb3e94 |
| font_05_cff_off0007db7c.bin | pdf-font-stream | PDF embedded font (cff) at offset 0x7DB7C | 6015 bytes | 83cf53f20c4d5d5ca6501b77dfbc24bacbb83039a63b92ecaa54e1e0cf64cb14 |
| font_06_cff_off0007ef61.bin | pdf-font-stream | PDF embedded font (cff) at offset 0x7EF61 | 33068 bytes | 77dd7c1cfe92d205f94b3ce284ea700acc134476397ffad8a8922e4e776cb953 |

Detection
- ClamAV: No threats found
- Obfuscation or payload: likely. Carved artifact entropy is 7.40, consistent with packed or encrypted content.