Verdict: MALICIOUS
Risk Score: 94
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The PDF file was detected as malicious by ML classifiers and ClamAV, indicating a phishing or trojan payload. It contains an embedded URI pointing to a URL that appears to be a lure for downloading a PDF, likely containing further malicious content. The document body, though partially corrupted, suggests a theme related to road signs, which is likely a pretext for the phishing attempt.
Machine Learning
- Nyx PDF Classifier malicious score 0.9721
Heuristics (3)
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION). ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI). PDF contains an external URL action.
- Embedded URL (info, EMBEDDED_URL). One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://crysiq.ru/uplcv?utm_term=panneau+de+signalisation+routi%25C3%25A8re+%25C3%25A0+imprimer
Extracted artifacts (1)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0001f22a.bin c168cedb1d47bb145e5e333fb7deb8d17c59e15a40c93a642982b2ec48d85140 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1F22A | 5656 bytes |