Verdict: MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The file is a PDF document that contains an embedded URI pointing to a suspicious domain, identified by both heuristics and a machine learning classifier as malicious. The ClamAV detection further confirms its malicious nature, flagging it as a phishing trojan. The presence of embedded URLs suggests an attempt to redirect the user to a malicious site, likely for credential harvesting or further malware delivery.
Machine Learning
- Nyx PDF Classifier malicious score 0.7768
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- PDF differential parser failed (info, PDF_DIFFERENTIAL_PARSE_FAILED): The cross-check parser (pdfminer.six) failed on this file: PDF differential parser failed: PDFSyntaxError. Static heuristics still ran and any of their findings above are valid; only the differential cross-check signal is missing.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000e83d.bin 05b9bd9c05788788c4dce58a44a1a21d1574af6205934e3474b183124013379a | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE83D | 5296 bytes |
| font_01_sfnt_off0000fa3d.bin c912bc6236f12999ca793ade704bd2beafda3442f10ea13b3c6d07520710cb24 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFA3D | 11164 bytes |
| font_02_sfnt_off000120d1.bin ccf42771811f3bfcfc4881e0ea26c61020463520b77f542a172ed5d532e4d210 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x120D1 | 16088 bytes |