MALICIOUS
Risk Score: 94
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.6876
Heuristics 3
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
- https://dafemum.ru/award?keyword=icao+annex+14+volume+2+pdf (PDF link annotation)
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000c9e8.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xC9E8 | 5364 bytes |

SHA-256: fc2158cf24baefc68ccda1305a151df15407137dd2dbed2542ddfc271b96a6c4