SUSPICIOUS
44
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The sample is a PDF document identified as an advance-fee scam lure. It contains language related to lotteries, prizes, and parcel delivery, typical of such fraud schemes. While numerous URLs were extracted, they were all confirmed as benign. No scripts were found, and the document body was heavily obfuscated, preventing a deeper analysis of the specific scam details.
Machine Learning
- Nyx PDF Classifier clean score 0.0008
Heuristics 3
-
Advance-fee lottery/parcel scam lure high SE_ADVANCE_FEE_SCAM_LUREDocument contains lottery/beneficiary or prize language together with large-value draft/funds wording and parcel/courier delivery requirements. This is a classic advance-fee fraud document shape.
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://www.google.org/ PDF link annotation
- http://www.microsoft.com/typography/ctfontshttp://lucasfonts.comMicrosoftIn PDF document text
- http://en.wikipedia.org/wiki/MIT_LicenseIn PDF document text
- http://www.microsoft.com/typography/fonts/default.aspxIn PDF document text
- http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl0XIn PDF document text
- http://www.microsoft.com/pki/certs/MicrosoftTimeStampPCA.crt0In PDF document text
- http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl0TIn PDF document text
- http://www.microsoft.com/pki/certs/MicrosoftRootCert.crt0In PDF document text
- http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl0aIn PDF document text
- http://www.microsoft.com/pkiops/certs/MicCodSigPCA2011_2011-07-08.crt0In PDF document text
- http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl0^In PDF document text
- http://www.microsoft.com/pki/certs/MicRooCerAut2011_2011_03_22.crt0��In PDF document text
- http://www.microsoft.com/pkiops/docs/primarycps.htm0@In PDF document text
- http://www.microsoft.com/Typography/0In PDF document text
- http://crl.microsoft.com/pki/crl/products/CSPCA.crl0HIn PDF document text
- http://www.microsoft.com/pki/certs/CSPCA.crt0In PDF document text
- http://crl.microsoft.com/pki/crl/products/tspca.crl0HIn PDF document text
- http://www.microsoft.com/pki/certs/tspca.crt0In PDF document text
- http://www.microsoft.com/typographyIn PDF document text
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
stream_005_off00012652.bin |
decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x12652 | 345880 bytes |
SHA-256: 6ffefc34bddc571acd913efe2fa45dfabfefa85bf8f110361660b8785b4c7b7a |
|||
font_00_sfnt_off00008aa6.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x8AA6 | 103204 bytes |
SHA-256: 248900c437b6203fdf28345ad64f719f3dd51d5e826759c7e6807bf564500312 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.