MALICIOUS
94
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.8429
Heuristics 3
-
ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://maypoin.ru/award?keyword=2019+polaris+ranger+1000+repair+manual PDF link annotation
- https://static.s123-cdn-static.com/uploads/4476946/normal_5fef7100b9f14.pdfIn PDF document text
- http://fawikenaxalu.scienceontheweb.net/foretoxafalikibip.pdfIn PDF document text
- http://zanofijufitif.22web.org/zufuroxizegogi.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4377095/normal_5fd6269da294e.pdfIn PDF document text
- http://raxejudesezix.scienceontheweb.net/numowuwo.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4425483/normal_6016df2eed172.pdfIn PDF document text
- https://cdn.sqhk.co/pobijejok/iVdOkWg/30963060553.pdfIn PDF document text
- http://poxumanavofeboz.scienceontheweb.net/11826842041.pdfIn PDF document text
- https://cdn.sqhk.co/xovepejegosi/Djaia9L/49732142017.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4426690/normal_602f0128a7c98.pdfIn PDF document text
- http://youralteragoods.com/plants_vs_zombies_download_full_version_free_apkjc1uw.pdfIn PDF document text
- http://www.ascendercorp.com/In PDF document text
- http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
- http://kepepisex.epizy.com/replacement_remote_control_for_toshiba_dvd_player.pdfIn PDF document text
- https://s3.amazonaws.com/jidagafinuxesu/mipro_act-_30h_manual.pdfIn PDF document text
- https://s3.amazonaws.com/sivanira/98306345959.pdfIn PDF document text
- https://s3.amazonaws.com/kifutizijebuj/36889486423.pdfIn PDF document text
- http://xumugipetoje.epizy.com/types_of_contingency_tables.pdfIn PDF document text
- https://s3.amazonaws.com/gedesisumi/omlet_arcade_apk_free.pdfIn PDF document text
- http://wagopof.epizy.com/5629418115.pdfIn PDF document text
- http://zevesijuduma.atwebpages.com/80212540780.pdfIn PDF document text
- http://mewexudidis.epizy.com/bukopadabogilupemepopil.pdfIn PDF document text
- http://scripts.sil.org/OFLIn PDF document text
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000e721.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xE721 | 5528 bytes |
SHA-256: c0bb3111265827a541ef98713007a154853baeb91f95d88de93438e4793fac8c |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.