MALICIOUS (Risk Score: 96)
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The file is identified as malicious by ML classifiers and ClamAV, with a high risk score. It contains multiple embedded URLs pointing to potentially malicious domains, suggesting an attempt to redirect users to phishing or malware-hosting sites. The document body, though heavily obfuscated, appears to be a lure related to educational content, which is a common tactic for social engineering.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. Extracted URLs:
- https://lozipotod.ru/wix?keyword=patterns+of+inheritance+worksheet+pdf
- https://fubewewafipox.weebly.com/uploads/1/3/0/8/130874235/6463732.pdf
- http://ruxovesubilesuk.22web.org/libro_consulente_automobilistico_gratis.pdf
- http://zakosemej.mypressonline.com/lg_front_load_washer_trouble_codes.pdf
- https://cdn.sqhk.co/zatovafer/F35tjiv/slendrina_the_cellar_2_ruby_games.pdf
- http://peteferix.mypressonline.com/23583462949.pdf
- http://xifamopituwoti.iblogger.org/48066386193.pdf
- http://tojuvapemupo.mywebcommunity.org/2183469952.pdf
- http://gojavodevagajuw.mygamesonline.org/kenwood_ddx419_update.pdf
- http://wapividazofar.scienceontheweb.net/38683508932.pdf
- https://zubetotuduve.weebly.com/uploads/1/3/5/3/135340520/bazapejogofulit.pdf
- https://cdn.sqhk.co/gijimexuv/t2icWhc/hay_day_online.pdf
- https://cdn.sqhk.co/jenojigise/qv0jggg/demigods_and_magicians_audiobook.pdf
- https://cdn.sqhk.co/vemetafije/yzHifjc/86887751722.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://s3.amazonaws.com/midizaxopazeji/gojusominutux.pdf
- https://9a1eab6f-da2d-4a41-99bb-18a59f11b130.filesusr.com/ugd/c2b690_bfb686bf8a5a44b3ab7fd790a5fe61dd.pdf?index=true
- https://19aaccd0-9772-41b6-85c4-be118606641a.filesusr.com/ugd/a12125_dd1b7bbd22324e0f98649523f7198ef8.pdf?index=true
- https://s3.amazonaws.com/faduxodiwo/bhajan_aarti_ringtone.pdf
- https://s3.amazonaws.com/wapabefizosumi/lasijenunutilugub.pdf
- https://61249681-e2d1-4375-841a-b3723294d79c.filesusr.com/ugd/3d514e_163b77efdd4740dda262d47b2250f248.pdf?index=true
- https://a299e4c1-23ab-4451-a6a7-4822a081f4b0.filesusr.com/ugd/b5472a_dd01d8e0e7a1477e9eedb0f0da86b28e.pdf?index=true
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000dfab.bin (hash 3e7baebbcdf46d54cee772116b76a913440e9dde22e28d0935a73f7e35ba7341) | pdf-font-stream | PDF embedded font (sfnt) at offset 0xDFAB | 5368 bytes |
| font_01_sfnt_off0000f201.bin (hash 5e3982874e75a8d451b680f2d779c39afd5a66e64724f6fcf3cd957c3b8edd63) | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF201 | 10548 bytes |