MALICIOUS
Risk Score: 94
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
This PDF file was detected as malicious by ClamAV and an ML classifier, indicating a high likelihood of malicious intent. The document body, though heavily corrupted, suggests a lure related to educational materials, specifically a physics textbook. The presence of numerous embedded URLs, many pointing to file hosting services, suggests the document is designed to trick the user into downloading a secondary payload.
Machine Learning
- Nyx PDF Classifier malicious score 0.8907
Heuristics 3
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00011c84.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x11C84 | 5328 bytes |

SHA-256: 04a8c39c6a78e5d03030493101a13db7e9f843755910ae5a7d6cf3afdf0c5c89