Verdict: MALICIOUS (Risk Score: 100)
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The file is identified as malicious by ClamAV with the signature Pdf.Dropper.Agent-7217113-0. Static analysis heuristics indicate it is an advance-fee scam lure, commonly used to trick victims into paying fees for non-existent prizes or parcels. The document body is heavily obfuscated, preventing detailed content analysis, but the heuristic firings strongly suggest a social engineering attack.
Heuristics 2
- ClamAV: Pdf.Dropper.Agent-7217113-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Dropper.Agent-7217113-0
- Advance-fee lottery/parcel scam lure (high, SE_ADVANCE_FEE_SCAM_LURE): Document contains lottery/beneficiary or prize language together with large-value draft/funds wording and parcel/courier delivery requirements. This is a classic advance-fee fraud document shape.
Extracted artifacts 5
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| stream_006_off0000e44f.bin 68fef29c8acb3d451119ce03f7e5077befc52ea4db96b789a9a40b8f3e94381c | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0xE44F | 5320 bytes |
| font_00_cff_off00009847.bin 143b5e8edfe0047f014da23de4449881b82d7be908bd2f859e0a3b3fb4829b78 | pdf-font-stream | PDF embedded font (cff) at offset 0x9847 | 1225 bytes |
| font_01_cff_off00009eeb.bin f60fc7a4d132f75c323a9478fe1fb298353ab97fb30e18740012f7aaf16a486a | pdf-font-stream | PDF embedded font (cff) at offset 0x9EEB | 7473 bytes |
| font_02_sfnt_off0000b964.bin 92e36f962de3ec6db9b67905429e3b2b8201ecfeb99405af4019af06bfe5844f | pdf-font-stream | PDF embedded font (sfnt) at offset 0xB964 | 13836 bytes |
| font_03_cff_off0000dd3f.bin b520f55294feb11bb58295252cae3dfbac2d51188969fbd88cb6c76ffbcf132a | pdf-font-stream | PDF embedded font (cff) at offset 0xDD3F | 1430 bytes |