Verdict: MALICIOUS
Risk Score: 96

Malware Insights

MITRE ATT&CK: T1566.001 Spearphishing Attachment
The ML classifier and ClamAV detection strongly indicate malicious intent. The PDF contains embedded URLs that likely lead to further malicious content, masquerading as a Netflix notification to trick the user. The document's structure and heuristic firings suggest it is designed to deliver a phishing payload.
Machine Learning
- Nyx PDF Classifier: malicious score 0.9998
Heuristics (4)
- ClamAV (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - URL: http://www.myhhsi.com/wp-content/plugins/super-forms/uploads/php/files/3b346c037ae8cccc7c2ad53a029302b3/24515262302.pdf
Extracted artifacts (2)
Files carved from inside the sample during analysis.

| Filename | Hash | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off0000d583.bin | a7fd449dea8daec2474ec2218d712a865d1e585d2576eedde32a158299f2fed6 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xD583 | 5036 bytes |
| font_01_sfnt_off0000e6c8.bin | 5b68aebeef24d05d9d78fbbca881637ece1c060617d89594ed5ce0973acf14d2 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE6C8 | 10004 bytes |