MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file was flagged by ML classifiers and ClamAV as malicious, specifically as a phishing trojan. It contains an embedded URL that directs users to a suspicious domain, likely for credential harvesting or malware distribution. The document body, though partially corrupted, suggests a lure related to a movie, aligning with common phishing tactics.
Machine Learning
- Nyx PDF Classifier malicious score 0.9995
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (severity: critical, rule: CLAMAV_DETECTION). ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (severity: info, rule: PDF_URI). PDF contains an external URL action.
- Object number defined twice with different bodies (severity: info, rule: PDF_DUPLICATE_OBJ_BODY_INCREMENTAL). The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (severity: info, rule: EMBEDDED_URL). One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - https://pelibifir.ru/123?utm_term=el+nombre+de+la+rosa+pelicula+completa+en+espa%25C3%25B1ol+latino+gratis (PDF link annotation)
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000dc14.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xDC14 | 5584 bytes | 718ba19eda6f37414303a60c64997c8ffa22c5f0535ecb560fb093234f2cbc3f |
| font_01_sfnt_off0000eea4.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xEEA4 | 11956 bytes | 868d98b94ba1af2149db09600f3d708c68aa392c6b19fe42a9931532a0926df3 |
| font_02_sfnt_off000115be.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x115BE | 4324 bytes | 9f355172d696dda274cac500966718f112ce76951f19577ac4888987ea6471b2 |