MALICIOUS
Risk Score: 94
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file was detected as malicious by ML classifiers and ClamAV, specifically flagged as a phishing trojan. The document body contains a lure related to 'Playstation card number free' and an embedded URI pointing to 'https://coretry.ru/uplcv?utm_term=playstation+card+number+free'. This suggests the file is part of a phishing campaign designed to trick users into visiting a malicious URL.
Machine Learning
- Nyx PDF Classifier malicious score 0.9970
Heuristics 3
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://coretry.ru/uplcv?utm_term=playstation+card+number+free
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000debf.bin 5befd79cf1ffde9d8d1d1e428ca941c1ffbe1ce3048ef80fd9f592a9265a2adf | pdf-font-stream | PDF embedded font (sfnt) at offset 0xDEBF | 5412 bytes |
| font_01_sfnt_off0000f112.bin 43e2c51c79760f574cc5faa1d336371ef81d1b3839277997be888e1e6d9fc54a | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF112 | 10836 bytes |