MALICIOUS
Risk Score: 94
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file contains an embedded URI pointing to a suspicious domain, which is also listed among the extracted URLs. ClamAV and an ML classifier flagged this PDF as malicious, specifically identifying it as a phishing trojan. The document body, though heavily obfuscated, appears to be a lure related to a search query, suggesting a phishing or social engineering attack.
Machine Learning
- Nyx PDF Classifier malicious score 0.7216
Heuristics 3
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://nipisod.ru/award?keyword=nussbaum+capability+approach+pdf
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00019146.bin e6c0751cd51c23bbb57a68267c8bce45b1ff97af0f46e8786d64ba656c6609e5 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x19146 | 5608 bytes |