MALICIOUS
62
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1059.001 PowerShell
The file is identified as a malicious PDF by ClamAV. It contains multiple embedded URLs, including one pointing to 'hotelhonolulu.com.gt', which is flagged as suspicious. The presence of these links suggests a phishing or redirection attempt to a malicious site. No scripts were extracted, limiting the analysis of specific behaviors.
Machine Learning
- Nyx PDF Classifier clean score 0.0856
Heuristics 3
-
ClamAV: Pdf.Dropper.Agent-7295421-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Dropper.Agent-7295421-0
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://www.hotelhonolulu.com.gt/.dep/redirect.html
- http://ceneinnova.com/ajj/ndb/index.php
- https://pdfcrowd.com/doc/api/?ref=pdf
- https://pdfcrowd.com/?ref=pdf
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00003d27.binde895ed87772da48ab0e4f566fe41384afbc59e782d7828e777863d12fd943f5 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x3D27 | 42844 bytes |
font_01_sfnt_off00009b9a.bin5091de8b5a8651ee3354927cb3e58ac938a47a05778b1c5b3dcda2384521acca |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x9B9A | 21532 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.