Verdict: CLEAN
Risk Score: 4
Malware Insights
MITRE ATT&CK
T1059.007 JavaScript
T1566.001 Spearphishing Attachment
The PDF is encrypted and contains embedded JavaScript, a common technique to obfuscate malicious payloads. The presence of an 'IMAGE_ONLY_LURE' heuristic suggests the document may be designed to trick users into interacting with it, potentially to trigger the hidden script. The embedded URLs, while mostly benign or unknown, indicate potential communication channels for the malware. The primary attack pattern involves exploiting the PDF format to deliver an unknown secondary payload via JavaScript.
Machine Learning
- Nyx PDF Classifier clean score 0.0041
Heuristics 2
- Encrypted PDF (string and stream contents are opaque to static scan) [info, PDF_ENCRYPTED]: PDF declares /Encrypt; string objects and stream contents are encrypted with the standard security handler (RC4 or AES). On its own this is informational; legitimate encrypted documents include signed contracts, billing statements, and rights-managed material. Static heuristics cannot inspect encrypted payload bytes.
- Embedded URL [info, EMBEDDED_URL]: One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 4
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off001eb50c.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1EB50C | 174408 bytes | 31f454cd10c3c8194174a6149a3eaf026e54edf9bc3486205c5b11839a16a8e9 |
| font_01_sfnt_off001ffbb4.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1FFBB4 | 229736 bytes | 93b453deee9468978c0992472055ae44f8b2089261b1fe8f0d07b5916ecc5733 |
| font_02_sfnt_off00212fdb.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x212FDB | 28148 bytes | 2428df7e6a90edacd13c8fa289741db4114ab71d9b49ef4366576a244d44c684 |
| font_03_sfnt_off00216367.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x216367 | 210432 bytes | 5f8f3ba5ea67b16d43c0e1976f13f2f90a940ef485c80406f2ac13f9d832aa8d |