MALICIOUS
Risk Score: 94
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The file is a PDF document flagged by multiple heuristics and a machine learning classifier as malicious, specifically identified as a phishing trojan. It contains an embedded URI pointing to a suspicious domain, which is likely part of a phishing lure to trick users into visiting a malicious website. No scripts were extracted, but the presence of the malicious URL and the overall classification strongly suggest a phishing attack.
Machine Learning
- Nyx PDF Classifier malicious score 0.9236
Heuristics 3
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://krisoc.ru/pbw?utm_term=n4+kanji+list+pdf+minna+no+nihongo
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000e89e.bin ec2ece0ca9e0603a6942f7da7fc0c5a6308990057e5f23fddd2d31da0051e028 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE89E | 14832 bytes |
| font_01_sfnt_off000118f2.bin ff21b6e33405c557e1dfde4f0e060d6c2cdc0b5736895db19db3827836cdf586 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x118F2 | 5556 bytes |