MALICIOUS
94
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The file is identified as malicious by ML classifiers and ClamAV, specifically flagged as a phishing trojan. It contains an embedded URI pointing to an external URL, which is a common technique for phishing or malware distribution. Although no scripts were explicitly extracted, the PDF structure and the presence of external URLs suggest an attempt to redirect the user to a malicious site.
Machine Learning
- Nyx PDF Classifier malicious score 0.9470
Heuristics 3
-
ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://irlanc.ru/uplcv?utm_term=early+signs+of+ataxia PDF link annotation
- https://vishalahospitality.com/ckfinder/userfiles/files/jimodirofalerero.pdfIn PDF document text
- https://www.blackandwhite-salon.com/wp-content/plugins/super-forms/uploads/php/files/00b353c86d458681f3d456f706473b90/farowabutukamaxo.pdfIn PDF document text
- https://forumhrdbekasi.com/webroot/userfiles/files/xizanopar.pdfIn PDF document text
- https://wecafephuket.com/wp-content/plugins/super-forms/uploads/php/files/d1goq97rvg2d6ht5p74g86od9s/51942036057.pdfIn PDF document text
Open this report in the interactive analyzer, or submit your own file for analysis.