Risk Score: 94 (MALICIOUS)
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF document contains a lure related to making moonshine, which is a common social engineering tactic. It embeds a URL that likely leads to a malicious site, as indicated by the ML classifier and ClamAV detection. No scripts were extracted, but the PDF structure and embedded URI suggest an attempt to redirect the user to a malicious external resource.
Machine Learning
- Nyx PDF Classifier malicious score 0.9783
Heuristics (3)
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - https://golowaki.ru/strik?utm_term=how+to+make+moonshine+still+step+by+step (PDF link annotation)
  - https://static.s123-cdn-static.com/uploads/4404313/normal_5fc696eb5d9de.pdf (in PDF document text)
  - https://cdn-cms.f-static.net/uploads/4451545/normal_6014467d824c7.pdf (in PDF document text)
  - https://cdn-cms.f-static.net/uploads/4451025/normal_606dfdca85e1d.pdf (in PDF document text)
  - http://www.ascendercorp.com/ (in PDF document text)
  - http://www.ascendercorp.com/typedesigners.html (in PDF document text)
  - https://s3.amazonaws.com/nutanigonu/budisopipamepikus.pdf (in PDF document text)
  - https://uploads.strikinglycdn.com/files/875df301-e315-4c39-8c16-dee5cef9149e/reading_comprehension_practice_4th_grade.pdf (in PDF document text)
  - https://uploads.strikinglycdn.com/files/0c5b0e2d-3f14-4269-bd01-f7d140e85580/70751735881.pdf (in PDF document text)
  - https://s3.amazonaws.com/lanaladu/pensar_rpido_pensar_despacio_resumen.pdf (in PDF document text)
  - https://s3.amazonaws.com/votubukaxogilix/bemodo.pdf (in PDF document text)
  - https://uploads.strikinglycdn.com/files/6b6e657f-3d4d-4158-92cb-993a4044b99f/kirofamiropataf.pdf (in PDF document text)
  - https://s3.amazonaws.com/nademopor/animation_start_delay_android.pdf (in PDF document text)
  - https://s3.amazonaws.com/likerajatob/melhor_app_espio_para_android_gratis.pdf (in PDF document text)
  - https://s3.amazonaws.com/zeworibuzoza/sakiwexapefobejofegozivo.pdf (in PDF document text)
  - https://uploads.strikinglycdn.com/files/2f6f5acf-41fd-4b42-9235-97b8bd5e586c/82528021121.pdf (in PDF document text)
  - https://uploads.strikinglycdn.com/files/cb02e33a-eac6-43b0-b3c4-b8e9125a6b6f/35131314241.pdf (in PDF document text)
  - https://s3.amazonaws.com/vonutavekip/calorimetry_worksheet_with_answers.pdf (in PDF document text)
  - https://s3.amazonaws.com/jamuluvuvava/gf07_mini_gps_real_time_car_locator_tracker_magnetic.pdf (in PDF document text)
  - https://s3.amazonaws.com/zisulamisozoto/jojivedetivogafobojesiw.pdf (in PDF document text)
  - https://s3.amazonaws.com/xupizewuxere/melologa.pdf (in PDF document text)
  - http://scripts.sil.org/OFL (in PDF document text)
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off00010515.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10515 | 5324 bytes | 7f3bee9d6581e39ca2e1c24da38b80b1403b5972a850ce802379a628383b0b85 |
| font_01_sfnt_off00011718.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x11718 | 11560 bytes | d9b1d0f7514b6c3041525a641b72bfef101254ec62c56b563f17c2191dc86244 |