Verdict: MALICIOUS
Risk Score: 94
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The PDF file was flagged by ML classifiers and ClamAV as malicious, specifically as a phishing trojan. It contains an embedded URI pointing to 'fokemale.ru', which is likely used to redirect the user to a malicious site. While no scripts were directly extracted, the presence of external URIs and the overall detection suggest a phishing or malware distribution attempt.
Machine Learning
- Nyx PDF Classifier: malicious score 0.5893
Heuristics (3)
- ClamAV (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. First extracted URL: https://fokemale.ru/award?keyword=al+mulk+latin+pdf
Extracted artifacts (3)
Files carved from inside the sample during analysis.
| Filename | SHA-256 | Kind | Source | Size |
|---|---|---|---|---|
| stream_007_off000185a8.bin | 39a733110f0df973a74db020c15060b4ddb3b58e600d38181dda35e97598dd35 | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x185A8 | 26689 bytes |
| font_00_sfnt_off00014e8b.bin | 65897b4a747d324da9bf64ef56111b2ea625706948938e320479f163ea81b63f | pdf-font-stream | PDF embedded font (sfnt) at offset 0x14E8B | 4964 bytes |
| font_01_sfnt_off00015f67.bin | f194b986f5ea28f2749af541bcf01da20b3191fc87ba757c43fbf66aa944b948 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x15F67 | 11992 bytes |