MALICIOUS
64
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF file contains an embedded URI pointing to a suspicious domain, identified by ClamAV as a phishing trojan. The document body, though heavily obfuscated, suggests a lure related to software downloads. The presence of an external URI and the ClamAV detection strongly indicate a phishing attempt designed to redirect users to a malicious site.
Machine Learning
- Nyx PDF Classifier suspicious score 0.4403
Heuristics 3
-
ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://leonvi.ru/aws?utm_term=sql+server+2008++32+bit PDF link annotation
- https://static.s123-cdn-static.com/uploads/4457881/normal_5feb01b0642a1.pdfIn PDF document text
- https://static.s123-cdn-static.com/uploads/4413707/normal_5fdefc030d958.pdfIn PDF document text
- https://static.s123-cdn-static.com/uploads/4473618/normal_5feb71e5b1f5c.pdfIn PDF document text
- http://kivudutamazawan.22web.org/hot_gospel_songs_free.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4386091/normal_600b696ce3cbd.pdfIn PDF document text
- http://naxokagad.epizy.com/fobizuvosupezifojofejakap.pdfIn PDF document text
- https://s3.amazonaws.com/fivebo/guided_reading_strategies_7._1.pdfIn PDF document text
- https://s3.amazonaws.com/toguvaju/appraisal_answers_what_have_you_achieved.pdfIn PDF document text
- http://bezepegu.epizy.com/jepugopof.pdfIn PDF document text
Open this report in the interactive analyzer, or submit your own file for analysis.