Verdict: MALICIOUS
Risk Score: 70
Malware Insights
MITRE ATT&CK
T1204.002 Malicious File
T1566.002 Spearphishing Attachment
The file is identified as a malicious PDF dropper by ClamAV. The document body contains multiple URLs, including one that is also flagged as an external URI, suggesting a lure to download further malicious content. The presence of a visual download button heuristic further supports the phishing or social engineering aspect of the attack. The primary intent appears to be tricking the user into downloading a malicious file disguised as an educational resource.
Heuristics 4
- ClamAV: Pdf.Dropper.Agent-9227242-0 (severity: critical, rule: CLAMAV_DETECTION). ClamAV detected this file as malware: Pdf.Dropper.Agent-9227242-0
- Visual download / call-to-action button lure (severity: low, rule: SE_DOWNLOAD_BUTTON). Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.); low-signal unless other findings point to a malicious workflow
- External URI (severity: info, rule: PDF_URI). PDF contains an external URL action
- Embedded URL (severity: info, rule: EMBEDDED_URL). One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00003d95.bin fbfb3e304e2ab57fe15c1c00935cd9fd0157a2f73c9993110ef603239fcf1afe | pdf-font-stream | PDF embedded font (sfnt) at offset 0x3D95 | 10740 bytes |
| font_01_sfnt_off00005fa0.bin f7821a3dabd8e42bbcebaf57e0c1f59a7574c45f5c5d6d1521ef31a9a067302b | pdf-font-stream | PDF embedded font (sfnt) at offset 0x5FA0 | 7356 bytes |