MALICIOUS
Risk Score: 94
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.7187
Heuristics 3
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
- URL https://lozipotod.ru/strik?utm_term=text+to+image+generator+online (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off00010bf8.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10BF8 | 4844 bytes | 7f2183bbb72875debd345658610e3e4f99dea19083409e196ada0a47315dae9b |
| font_01_sfnt_off00011c5c.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x11C5C | 11208 bytes | 5ce1280e17f4ab2cc20574de447130105012063aedbf68c0ba4c67673191e53d |