Verdict: MALICIOUS
Risk Score: 94
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF file was detected as malicious by ML classifiers and ClamAV, indicating a phishing attempt. It contains an embedded URI that directs the user to a URL, likely to download a secondary payload or phish for credentials. No scripts were extracted, but the presence of embedded URIs suggests an attempt to redirect the user to a malicious site.
Machine Learning
- Nyx PDF Classifier malicious score 0.9747
Heuristics 3
- ClamAV (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Hash | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off0000c823.bin | 86b84b6de53b6295f0a5e78969834b5b76660d63c2137ee6e3488cf3f115fa6f | pdf-font-stream | PDF embedded font (sfnt) at offset 0xC823 | 4820 bytes |
| font_01_sfnt_off0000d892.bin | f6ca58d9bb3ad61c3ce6952eb8fe15366ce8a799a97de5bc28f2255dbb72d3da | pdf-font-stream | PDF embedded font (sfnt) at offset 0xD892 | 10664 bytes |
| font_02_sfnt_off0000fd1a.bin | eaa138153142e1b202f6e132b5b79d2ae4483da1523e62d7c19f47fa5ad289e7 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFD1A | 16068 bytes |