MALICIOUS
94
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The file is a PDF document that contains an embedded URL pointing to a domain commonly associated with phishing and malware distribution. The document body, though heavily obfuscated, appears to reference driver downloads, a common lure for users seeking specific hardware drivers. The ClamAV detection and ML classifier further support its malicious nature.
Machine Learning
- Nyx PDF Classifier malicious score 0.6543
Heuristics 3
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://irlanc.ru/pbw?utm_term=asus+x540s+usb+drivers+windows+7+64+bit
- https://nabinavupofi.weebly.com/uploads/1/3/5/3/135350319/7727818.pdf
- https://static.s123-cdn-static.com/uploads/4377662/normal_5fcdc97d128a1.pdf
- https://cdn-cms.f-static.net/uploads/4468534/normal_5fd28ca051828.pdf
- https://cdn-cms.f-static.net/uploads/4460708/normal_601fb095d55de.pdf
- https://koredude.weebly.com/uploads/1/3/1/4/131406285/f9a7bdfc8a.pdf
- https://surejijal.weebly.com/uploads/1/3/4/5/134525532/5305891.pdf
- https://zonozedu.weebly.com/uploads/1/3/0/8/130874021/2037399.pdf
- https://lulaxakopoto.weebly.com/uploads/1/3/4/3/134331182/4835964.pdf
- https://gizalikujaxemif.weebly.com/uploads/1/3/4/6/134606641/5162543.pdf
- https://cdn-cms.f-static.net/uploads/4380230/normal_60458ffd6d654.pdf
- https://devoporerok.weebly.com/uploads/1/3/1/6/131607733/jofowomowav.pdf
- https://static.s123-cdn-static.com/uploads/4486221/normal_5feafca4361aa.pdf
- https://nivozigagu.weebly.com/uploads/1/3/4/4/134439663/102363.pdf
- https://jatuvukaxakepu.weebly.com/uploads/1/3/4/3/134313635/6107628.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://uploads.strikinglycdn.com/files/3f1f58c9-c939-468a-a4ba-7647e05861d4/risafodagijojogipejis.pdf
- https://uploads.strikinglycdn.com/files/1408e577-0f91-43d3-9c07-cb4a7a748c09/who_is_the_man_at_the_end_of_war_of_the_worlds.pdf
- http://pebokuvog.pbworks.com/f/the_mummy_3_full_movie_download_in_hindi_dubbed_480p.pdf
- https://uploads.strikinglycdn.com/files/0dcc7008-50f0-468f-861d-d8644a8dfd3d/whirlpool_dishwasher_wdf320padw2_heating_element.pdf
- http://nilanom.pbworks.com/w/file/fetch/144419262/lusagafozapo.pdf
- https://uploads.strikinglycdn.com/files/639fceae-3e8d-49db-83ad-c0849115e70b/24959722519.pdf
- http://zopujoxobug.pbworks.com/w/file/fetch/144419511/samsung_company_swot_analysis.pdf
- http://natizasex.pbworks.com/f/business_proposal_sample_docx.pdf
- http://kufugaref.pbworks.com/f/le_roman_de_flamenca_espaol.pdf
- http://wikitaxif.pbworks.com/w/file/fetch/144540573/ben_10_omniverse_2_3ds_apk_download_for_android.pdf
- http://vimadutukad.pbworks.com/f/how_to_pick_up_a_flemish_giant.pdf
- http://fudejob.pbworks.com/f/52220833825.pdf
- http://scripts.sil.org/OFL
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00010dbf.bincd1269e71757b8f3ecaa8d9ed6344239e72fb2edc7b4b38cf779e71fe3ca12c1 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x10DBF | 5516 bytes |
font_01_sfnt_off000120c3.bincaf7f100876fe0b87a6568b0ea8e450fd0d459fd8bc52c74c997df100602db6f |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x120C3 | 11360 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.