Verdict: MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The PDF file contains an embedded URI pointing to a suspicious domain, identified by ClamAV as a phishing trojan. The document body, though heavily obfuscated, contains text related to movie subtitles, suggesting a social engineering lure. The presence of an external URI and the ML classifier's high confidence score indicate a malicious intent to redirect the user to a harmful site.
Machine Learning
- Nyx PDF Classifier malicious score 0.9773
Heuristics (4)
- ClamAV (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI (info, PDF_URI): PDF contains an external URL action.
- PDF differential parser failed (info, PDF_DIFFERENTIAL_PARSE_FAILED): The cross-check parser (pdfminer.six) failed on this file: PDF differential parser failed: PDFSyntaxError. Static heuristics still ran and any of their findings above are valid; only the differential cross-check signal is missing.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://druttle.ru/strik?utm_term=heart+of+darkness+movie+1993+subtitles+english
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Hash | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off0000e984.bin | c9c158a442f5c2c65862dacd79e5db053bc36b4628be89a6878be23bf3b04e75 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE984 | 5916 bytes |
| font_01_sfnt_off0000fd8e.bin | 2a5227b91ad61cd2807680dd49da65cee5a385ce5b8ca3518db1641425919499 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFD8E | 11520 bytes |