MALICIOUS
Risk Score: 94
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file contains an embedded URI that masquerades as a search result for a common query, likely to trick the user into clicking the link. ClamAV detection and ML classification indicate malicious intent, specifically a phishing or trojan payload. No scripts were extracted, but the presence of an external URI suggests a phishing attempt to redirect the user to a malicious site.
Machine Learning
- Nyx PDF Classifier malicious score 0.7190
Heuristics 3
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
- https://leonvi.ru/award?keyword=how+long+does+it+take+to+cook+a+spiral+ham+from+costco (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000f61f.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF61F | 5472 bytes | c2eeacf7cde82a6d39827892e7dcae54e2136ff5ca77f5cf896313443e48871d |
| font_01_sfnt_off0001089f.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1089F | 10736 bytes | 1497f8a7b8b9e66e4519c1da545e74c236c091c1c863b6939230b104bbb34dda |