MALICIOUS
94
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF contains embedded URLs that point to other PDF files and an HTML file, suggesting a phishing or redirection attempt. The document body mentions 'Obs crashing on startup', likely a lure to trick users into interacting with the malicious content. The ClamAV detection and ML classifier strongly indicate malicious intent, likely related to phishing campaigns distributing further malware.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 3
-
ClamAV: Pdf.Phishing.TtraffRobotInstall-7605656-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.TtraffRobotInstall-7605656-0
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://neuroactiveexercise.com/uploads/1/3/0/6/130639140/tikepefegemov.pdf
- http://futigikoro.pushkino-narkologiya.ru/uploads/2020/01/28/dagibabamipuxoz.pdf
- http://atozconstructionsinc.com/uploads/1/3/0/2/130272905/1659401.pdf
- http://alexandriasday.com/uploads/1/3/0/6/130605113/wuxal.pdf
- http://cecilyeiferle.com/uploads/1/3/0/4/130488513/130488513.html#obs+crashing+on+startup
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00001096.binddbf37f76e715b7c6f132bc6efed598ffec5d97dfa3cc2d94b8e344c2508704d |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x1096 | 8892 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.