MALICIOUS (Risk Score 96)
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file was flagged by ML classifiers and ClamAV as malicious, specifically as a phishing trojan. The embedded URL and document body suggest a lure to download software, likely leading to malware. While no scripts were explicitly extracted, the PDF structure and embedded URIs indicate a phishing attempt to trick users into downloading a payload.
Machine Learning
- Nyx PDF Classifier malicious score 0.9990
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted URLs:
- https://resalured.ru/wix?keyword=plants+vs+zombies+apk+free+download+full+version+pc
- http://sis-paypal.com/golofopowotodipurppk70.pdf
- https://cdn.sqhk.co/wexazaruko/heUehhF/angry_black_wolf_hd_pics.pdf
- http://junedevuxojaje.22web.org/gomepuwerik.pdf
- http://semengergel.ru/70714691202eybla.pdf
- https://cdn.sqhk.co/zizaratijiga/jijihU7/gidudebatevadirikebani.pdf
- https://cdn.sqhk.co/suzironanes/gfja9kZ/lokaratiwedaxibuki.pdf
- http://gnoogle.site/fujogogilijaw1sgv.pdf
- http://nositadox.mypressonline.com/soxupojewalifasuzeba.pdf
- https://cdn.sqhk.co/suwajipufo/ZicFigF/xugozupunusovatamodikoge.pdf
- http://successinyourlif.website/escape_from_alcatraz_triathlon_shark_attackbyf75.pdf
- https://cdn.sqhk.co/kofosenolo/d4palgd/lixititusoxajipisor.pdf
- http://remastacer.com/akbar_birbal_stories_englishh2ixr.pdf
- http://sayfelengs.space/is_chronicles_of_narnia_worth_readingeuh8x.pdf
- https://cdn.sqhk.co/zolilobup/oWgfbib/rujufon.pdf
- https://cdn.sqhk.co/zujumatatub/8eDgegf/cad_blocks_doors.pdf
- http://ovca.space/kitchenaid_mixer_repair_parts_amazonys6l1.pdf
- http://springtea.space/anatomia_musculos_de_la_caraj7out.pdf
- http://pexarinolal.mypressonline.com/quote_as_a_man_thinketh_so_is_he.pdf
- https://cdn.sqhk.co/kokojisip/7Phdgfx/kaiser_pharmacy_roseville.pdf
- https://cdn.sqhk.co/wenewojufaj/lihQiav/55336045563.pdf
- https://cdn.sqhk.co/bojojiweg/gggeb1Y/sabidinusanedolove.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- http://luremanoxe.epizy.com/98288514460.pdf
- http://jofewasax.rf.gd/11378562830.pdf
- http://vaxomuterok.epizy.com/givirakilara.pdf
- http://ziwebizivag.epizy.com/gender_performativity_summary.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Hash | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off0000f944.bin | 08c8533e86ba46bc8e6276f9aa4232667ec13329b9417944ea63b177c5bee697 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF944 | 5708 bytes |
| font_01_sfnt_off00010cb8.bin | 53425760a95670ee47f1f6ae5e6f43d1c63d22c349efbcbfa80291c03c638f62 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10CB8 | 11748 bytes |