Verdict: MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file was detected as malicious by ML classifiers and ClamAV, indicating a high likelihood of malicious intent. It contains an embedded URL that directs users to a site offering IELTS reading practice tests, likely a lure to disguise malicious activity. The presence of PDF_URI and EMBEDDED_URL heuristics further supports the phishing attempt. No scripts were extracted, but the overall structure and embedded URLs point towards a phishing or credential harvesting scheme.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics (4)
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted URLs:
- https://botokaw.ru/123?utm_term=ielts+reading+practice+test+2018+with+answers
- http://websecurer.tech/cuisinart_toaster_oven_will_not_turn_oniho44.pdf
- http://gopizapa.22web.org/what_is_the_top_200_drug_list.pdf
- https://static.s123-cdn-static.com/uploads/4454988/normal_5ff0d961cfd71.pdf
- http://tramlaweq.online/97708470562qy3yr.pdf
- https://cdn-cms.f-static.net/uploads/4368469/normal_6035a599dc2fb.pdf
- http://tuzazigigub.iblogger.org/6108552445.pdf
- https://static.s123-cdn-static.com/uploads/4414514/normal_60080c5147e0d.pdf
- http://caterm.ru/11415088078bncqp.pdf
- http://daliadiago.com/85171038271gekux.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- http://rejekokamikax.rf.gd/jiwowaw.pdf
- https://91506351-5699-48ce-85e7-8e7d071f4e87.filesusr.com/ugd/d775a9_900279051ec74c368e0c8938056594a0.pdf?index=true
- https://3794eb9c-cc8b-492c-aecc-44533f76aaa6.filesusr.com/ugd/1ee69b_b136d3de3eec4af4b4c08328fbe1d5b8.pdf?index=true
- http://bezexus.rf.gd/algoritmo_para_resolver_el_cubo_de_rubik.pdf
- https://ef5e9b3f-1a8e-4c79-9b60-34b8f8133c96.filesusr.com/ugd/18574e_c1da58f52fb1449fb745897c302d5581.pdf?index=true
- https://d1b33a7b-cde1-45d4-bc15-d4d3b6236ac5.filesusr.com/ugd/1d64af_d00f6b2013824d2fbcc70c92f3266edd.pdf?index=true
- https://43dda2ad-fadc-418c-a2d5-4b96cca2ed60.filesusr.com/ugd/6eca9c_dccb77b3d33148a981849f538a6035fc.pdf?index=true
- http://fuvafajof.rf.gd/why_isnt_my_hp_printer_not_connecting_to_wifi.pdf
- http://togubetaxiki.epizy.com/wordpress_website_development_tutorial.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename (hash) | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00013471.bin (a67c5e54fa3c51fd3e634868fd897718d2f8ad3061a1a7a420c82e230133b621) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x13471 | 5884 bytes |
| font_01_sfnt_off00014887.bin (d16bb516de3840d733db4e9e6b2f494c63e6b40713418292638b808dce1d43dc) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x14887 | 12980 bytes |