Verdict: MALICIOUS
Risk Score: 118
Malware Insights
MITRE ATT&CK
T1059.001 PowerShell
T1204.002 Malicious File
The PDF file was flagged by ClamAV as Pdf.Exploit.Agent-6136306-0 and a machine learning classifier indicated a high probability of maliciousness. An embedded script payload was detected within a PDF stream, suggesting the document is designed to execute malicious code upon opening. The XFA form heuristic further indicates a complex structure often used for exploitation.
Machine Learning
- Nyx PDF Classifier malicious score 0.9994
Heuristics (4)
- ClamAV: Pdf.Exploit.Agent-6136306-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Exploit.Agent-6136306-0
- Embedded script payload in PDF stream (medium, PDF_EMBEDDED_SCRIPT_PAYLOAD): PDF stream bytes contain an HTML/XFA <script> tag without accompanying Windows shell-execution primitives — common in accessible XFA forms but worth surfacing for analyst review.
- XFA form (low, PDF_XFA): PDF uses XML Forms Architecture, which can contain script logic.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts (1)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| embedded_pdf_script_0000025e.bin (SHA-256 0912fee85e20c42121a7a4a0320c4664fda493963c51a3c3c5aef04b52cd8ec8) | pdf-embedded-script | PDF raw stream script payload at offset 0x25E | 101923 bytes |