MALICIOUS
Risk Score: 94
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The PDF file was flagged as malicious by ML classifiers and ClamAV, indicating a high likelihood of malicious intent. The embedded URI points to a URL that appears to be part of a phishing or malware distribution scheme, disguised as a free manual download. No scripts were extracted, but the PDF structure and embedded URI strongly suggest a phishing or malware delivery attempt.
Machine Learning
- Nyx PDF Classifier malicious score 0.8129
Heuristics 3
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - URL https://kuzutuzo.ru/wix?keyword=small+engine+manuals+free+download (PDF link annotation)
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000f32c.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF32C | 5420 bytes |

SHA-256: bdfe8b8ce4eadde8d933761fa16cd4f4b24e1e1ee68013d64c0f2e87ef99cd77