MALICIOUS
Risk Score: 64
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The file is a PDF document that contains an embedded URI pointing to a suspicious domain, identified by ClamAV as malware. The document body appears to be garbled, but the presence of the URI and the ClamAV detection strongly suggest a phishing or malware distribution attempt. No scripts were extracted from this sample.
Machine Learning
- Nyx PDF Classifier clean score 0.0058
Heuristics 3
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://maypoin.ru/strik?utm_term=organization+theory+and+design+an+international+perspective+3rd+edition+pdf
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0024e9f0.bin 121d5b8e3852b0516e698144fb4b7bbc9741292908db65fb259a693f17c325b7 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x24E9F0 | 5820 bytes |