MALICIOUS
Risk Score: 72
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
This PDF is identified as an image-only lure, containing a single non-reputable link to http://lorafrank.infomail222.ru. The document body contains text that appears to be part of the PDF structure rather than user-readable content, and no scripts were extracted. The ML classifier also flagged this PDF as malicious, supporting the conclusion that it is likely used for phishing or malware distribution.
Machine Learning
- Nyx PDF Classifier malicious score 0.5785
Heuristics 3
- Image-only document with action trigger (screenshot lure) (medium, PDF_IMAGE_LURE): PDF has 2 image(s), only 0 text block(s), carries a click-outward action, and is only 10 KB — typical shape of a phishing lure where a full-page screenshot hides a clickable button that launches or submits to an attacker URL.
- Image-only PDF lure with a single link to a non-reputable host (medium, PDF_IMAGE_LURE_NONREPUTABLE_LINK): PDF is image-heavy with little real text and its only clickable action is a single external link to a host that is not known-good. This is the canonical malspam carrier shape — a screenshot-like 'click to view' page whose sole purpose is to funnel the victim to one redirect/landing URL on a compromised or throwaway domain. Flagged suspicious rather than malicious because the link alone (no shortener / typosquat / brand path) is the only corroborator beyond the image lure.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - http://lorafrank.infomail222.ru (In PDF document text)
  - http://en.wikipedia.org/wiki/MIT_License (In PDF document text)
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00000f42.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF42 | 14372 bytes |

SHA-256: 073803de7bb0ddea89e919c39ebbdd6fe2ca9b61d7ca1b42d428683bb9a47022