CLEAN
4
Risk Score
Malware Insights
MITRE ATT&CK
T1059.001 PowerShell
The PDF document contains an embedded URI pointing to a suspicious external domain. The document body itself is heavily obfuscated and appears to be malformed, but the presence of the external link is a strong indicator of malicious intent. The link likely leads to a phishing or malware distribution site.
Machine Learning
- Nyx PDF Classifier clean score 0.0006
Heuristics 2
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://eurogearusa.com/Strategy-Consultant/oWa/index.php PDF link annotation
- http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
- http://ns.adobe.com/pdf/1.3/In PDF document text
- http://purl.org/dc/elements/1.1/In PDF document text
- http://ns.adobe.com/xap/1.0/In PDF document text
- http://ns.adobe.com/xap/1.0/mm/In PDF document text
- https://www.verisign.com/repository/CPS��In PDF document text
- https://www.verisign.comIn PDF document text
- https://www.verisign.com/repository/verisignlogo.gif06In PDF document text
- http://status.verisign.com/class1.crl0In PDF document text
- http://www.microsoft.com/typographyIn PDF document text
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00003a42.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x3A42 | 55524 bytes |
SHA-256: 150a72b8e55509153e5960c87f8f87dda5a6a7747ec88a85af22734b2c3140ae |
|||
font_01_sfnt_off0000682d.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x682D | 53024 bytes |
SHA-256: 59e75223d82098ee5c455f3d77dabbe781e95837bbf275e7a58add96071ce9f6 |
|||
font_02_sfnt_off00008a7a.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x8A7A | 14768 bytes |
SHA-256: 0ea1c573e9ce06f4ad7745c0a0b002268a4d5e466563f7648b39c0c31c673d89 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.