Verdict: MALICIOUS (Risk Score 96)
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file was flagged by multiple heuristics, including a critical ClamAV detection and an ML classifier, indicating malicious intent. The embedded URL points to a suspicious domain, likely used to host a phishing page or a second-stage payload. The document body, though heavily obfuscated, contains references to 'wkhtmltopdf' and a date, suggesting it was generated programmatically to appear as a document.
Machine Learning
- Nyx PDF Classifier malicious score 0.9997
Heuristics (4)
- ClamAV (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://soxebez.ru/strik?utm_term=the+possibility+of+evil+by+shirley+jackson
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Hash | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off0000f5b2.bin | dc01a41222db873b108d4cea3f997a338fe7140b11db1ead97bdde57e4d80cb7 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF5B2 | 5492 bytes |
| font_01_sfnt_off00010868.bin | 05943a7d1ccce92952fb3e69503d67246472c9af259b11639623a825fc2d3aa5 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10868 | 11444 bytes |