MALICIOUS
64
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The file is identified as malicious by ClamAV with a 'Pdf.Phishing.Trojan' signature. It contains an embedded URI pointing to 'https://xajibur.ru/wb?keyword=active%20and%20passive%20voice%20worksheets%20pdf%20for%20grade%206', which is likely used to deliver a malicious payload or conduct phishing. The document body is heavily obfuscated and unreadable, but the presence of the malicious URL and the ClamAV signature strongly suggest a phishing or trojan delivery attempt.
Machine Learning
- Nyx PDF Classifier clean score 0.0946
Heuristics 3
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://xajibur.ru/wb?keyword=active%20and%20passive%20voice%20worksheets%20pdf%20for%20grade%206
- https://cdn-cms.f-static.net/uploads/4414869/normal_6051590c80a2b.pdf
- https://cdn-cms.f-static.net/uploads/4376606/normal_6031065ea990f.pdf
- https://static.s123-cdn-static.com/uploads/4374002/normal_5ffeb50aafb84.pdf
- https://cdn-cms.f-static.net/uploads/4410694/normal_602c87894d353.pdf
- https://static.s123-cdn-static.com/uploads/4474759/normal_5fcf11fe578ca.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- http://fedorahosted.org/lohit
- http://smc.org.in)MeeraRegularMeera2016SMC7.0.0+20171102Hussain
- http://smc.org.inhttp://smc.org.in
- https://uploads.strikinglycdn.com/files/e03980a9-f73d-4321-a814-122efd84f6d1/importance_of_being_earnest_jack_character_analysis.pdf
- https://uploads.strikinglycdn.com/files/97846377-175f-4e17-9397-e3bebae8814f/fundamentals_of_microelectronics_behzad_razavi_wiley_2nd_edition_2014.pdf
- https://uploads.strikinglycdn.com/files/eae5b3ff-f7f6-4ccc-bd16-8506c9884f97/intro_to_political_science_textbook.pdf
- https://uploads.strikinglycdn.com/files/27bc4157-8dd5-455b-9cb4-2dbd48409262/cub_cadet_lt1050_starter.pdf
- https://uploads.strikinglycdn.com/files/a09106e1-cc71-47a6-b986-98f73123c99f/download_pes_2013_apk__data_for_android_offline.pdf
- https://uploads.strikinglycdn.com/files/d71427da-faf7-4703-af05-828ec2bf7786/40461983977.pdf
- https://uploads.strikinglycdn.com/files/b56654f2-e320-429f-bc28-b9a1e8d3fea8/58749195008.pdf
- https://uploads.strikinglycdn.com/files/710b19cf-1d97-4aa9-8cbd-04ab71960684/rca_10.1_android_tablet_with_keyboard_reviews.pdf
- https://uploads.strikinglycdn.com/files/9a75bd21-1832-479c-8c69-d68bfbbda8da/dusuxok.pdf
- https://uploads.strikinglycdn.com/files/ed456767-3f97-4198-ba68-cf0caef32989/what_is_a_sith_apprentice_called.pdf
- https://uploads.strikinglycdn.com/files/1f4766b8-554d-47e6-a116-e2efef892e68/que_significa_soar_con_cucarachas_en_todo_el_cuerpo.pdf
- https://uploads.strikinglycdn.com/files/7c3d9dcd-de20-4c63-be26-fb26a76cbcd3/what_is_the_philippine_health_care_delivery_system.pdf
- https://uploads.strikinglycdn.com/files/670f7d85-22a4-4789-8fd4-dc7f58bd9b10/boxaxuni.pdf
- https://uploads.strikinglycdn.com/files/34755487-c271-4527-862d-807e7528357d/how_to_put_together_a_lifetime_basketball_net.pdf
- https://uploads.strikinglycdn.com/files/b35e7efa-abdc-41f8-927e-23ad660f7ac9/letoxe.pdf
- https://uploads.strikinglycdn.com/files/41b6ec19-5d99-42b9-85f1-3e1fc8d23958/zogevis.pdf
- https://uploads.strikinglycdn.com/files/160b53d8-a691-4ea9-aaa5-04a7d74110e1/r_sreevani_psychology_book_download.pdf
- https://uploads.strikinglycdn.com/files/1bf12b01-9a32-4907-a555-89faa43c9ceb/36162726952.pdf
- https://uploads.strikinglycdn.com/files/d56d3144-db25-4058-9aa6-9719a756e2db/lusosidexogixewawunegazos.pdf
- https://savannah.gnu.org/projects/freefont/
- http://www.gnu.org/licenses/
- http://www.gnu.org/copyleft/gpl.html
- http://scripts.sil.org/OFL
- http://www.geocities.com/mitra_anirban/hobbies.htmGNU
- http://www.gnu.org/copyleft/gpl.htmRegular
- https://gitlab.com/smc/meera/blob/master/COPYING
- http://www.gnu.org/licenses/lgpl.htmlRegularDanhHong
- http://www.geocities.com/dnhhng
Extracted artifacts 8
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00043a4e.bin0e21f1561e6fd05b057627d60db69432e4e2e11e3569f018deda8c1ad265a3e5 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x43A4E | 6944 bytes |
font_01_sfnt_off00044b92.binf78921f319296357d9e7cda23f7deb45b5daa478b925df2e3f95162c5ced8237 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x44B92 | 4200 bytes |
font_02_sfnt_off00045a81.bin1d4565c8de56a0b28603a426ffdcfd19e046df2d62db035d371ac2ba8a73adb9 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x45A81 | 5744 bytes |
font_03_sfnt_off00046e27.bina38695fe50f49a181ebe6a268040f1a5d6813482ede4d66ac55372f1be80d056 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x46E27 | 2136 bytes |
font_04_sfnt_off00047791.bin69a64625eb46395e22fd6980ea713d80d2e6dac919c3e94cd201b303d2a5214b |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x47791 | 3900 bytes |
font_05_sfnt_off000483cd.bine54f575bea2af4637f816cfb1d5d736a11d65dd2f22f7df1327115ef8d763a5d |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x483CD | 2316 bytes |
font_06_sfnt_off00048d13.binbe6e31bba30e02db5da7a1eec3d26666f64e2f49b8238202b2dcaac8334a9f75 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x48D13 | 4016 bytes |
font_07_sfnt_off00049932.bina8d8ddff7cefa063273f9ca9b85b6c3adbe6cd36876168bc040ac1772ee2a0a4 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x49932 | 1472 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.