MALICIOUS
96
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF contains an external URI pointing to a suspicious domain, likely intended to trick the user into downloading a malicious file. ClamAV detection as 'Pdf.Phishing.Trojan' further supports its malicious nature. The presence of embedded URLs and the ML classifier's high confidence indicate a phishing or malware distribution attempt.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://jumiwimov.ru/wix?keyword=the+martian+movie+questions+worksheet+pdf
- http://drovazvenigorod.ru/fovixowarimuzesfzjqp.pdf
- http://rcasino.info/ways_of_seeing_john_berger_espaol2t8v0.pdf
- http://wikowezenitezo.medianewsonline.com/how_to_reset_password_hp_officejet_pro_8600.pdf
- http://pixell.store/suvugetoturovudasatiwu34qse.pdf
- http://tozofuji.scienceontheweb.net/the_fall_albert_camus.pdf
- http://gatofupimekow.mywebcommunity.org/65961708971.pdf
- http://liwexun.mywebcommunity.org/zafon.pdf
- http://viewcreditscore.info/459886942324uh52.pdf
- http://fuxanujibiz.mygamesonline.org/11612048618.pdf
- http://surozofawowidom.scienceontheweb.net/42848377643.pdf
- http://tazanup.mypressonline.com/79420201567.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://s3.amazonaws.com/kelageketisefuv/ribowafopujof.pdf
- http://paguxesij.myartsonline.com/account_manager_job_interview_questions_and_answers.pdf
- http://dakafatuvuguviz.atwebpages.com/bipilekad.pdf
- https://76ed6b59-b034-43ac-b949-e1c08f76e3cb.filesusr.com/ugd/ee6100_d7122e29cf444559b9ea7afe8c88d598.pdf?index=true
- https://689a2394-1721-4ce0-b6f7-af9f1dc0d621.filesusr.com/ugd/0f5b72_f91fe9ccc5c54132ad108f77487ee336.pdf?index=true
- http://rukosivujuxu.atwebpages.com/how_do_i_draw_a_route_on_google_maps.pdf
- http://zowofiz.myartsonline.com/similarities_between_abraham_lincoln_and_andrew_johnson.pdf
- http://zogadawedalifap.onlinewebshop.net/strength_to_love_chapter_2_summary.pdf
- https://s3.amazonaws.com/bupaxomu/citrix_receiver_for_chromebook.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000ec0e.bin2f182a4507085018522d33bfe664e3a191e52895022ddee89bee70de815bf044 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xEC0E | 5540 bytes |
font_01_sfnt_off0000fecb.binda6f230838a49242a19eb398b7b0223cb198354210dee3597f4b126a326c8ad7 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xFECB | 11564 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.