MALICIOUS
96
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file was flagged as malicious by ML classifiers and ClamAV, indicating a high likelihood of malicious intent. It contains numerous embedded URLs, with one specifically identified as an external URI pointing to 'https://jumiwimov.ru/strik?utm_term=craftsman+10+inch+table+saw+rip+fence'. This suggests the document is likely a phishing lure or a distribution point for further malware. No scripts were extracted from this sample.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://jumiwimov.ru/strik?utm_term=craftsman+10+inch+table+saw+rip+fence
- https://bexipame.weebly.com/uploads/1/3/0/7/130776855/rezejibamebewopore.pdf
- https://dudasajaje.weebly.com/uploads/1/3/4/3/134362454/a0f5d59c6e0.pdf
- https://cdn.sqhk.co/ronelejibir/bgdD6id/didukunavi.pdf
- https://cdn.sqhk.co/wixakulu/hgUhbid/most_viral_funny_video_download.pdf
- https://static.s123-cdn-static.com/uploads/4367279/normal_5ffc555e95ba2.pdf
- https://wugupuvexiso.weebly.com/uploads/1/3/0/9/130969254/46b95dd40d03c3.pdf
- https://static.s123-cdn-static.com/uploads/4370740/normal_5fecd5be8134f.pdf
- https://gopaxeseje.weebly.com/uploads/1/3/6/0/136082610/wazabadegeg-vowukesuzupuza.pdf
- https://cdn-cms.f-static.net/uploads/4501054/normal_600b022fb52ce.pdf
- https://cdn-cms.f-static.net/uploads/4424043/normal_603bb549c4270.pdf
- https://static.s123-cdn-static.com/uploads/4453336/normal_6008876123033.pdf
- https://cdn-cms.f-static.net/uploads/4452624/normal_60419472c52e1.pdf
- http://gedadekenoz.mywebcommunity.org/72449199619.pdf
- https://cdn-cms.f-static.net/uploads/4467612/normal_600e83fdd1529.pdf
- https://cdn.sqhk.co/wejafivelij/BhdsUZg/amusement_parks_near_me.pdf
- https://static.s123-cdn-static.com/uploads/4379720/normal_5ff816766e6f8.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://19e6fc83-c281-4d06-93fd-e8b16a02b90a.filesusr.com/ugd/ce5d00_43493ab1ab3944cbab64c88e93dc2187.pdf?index=true
- https://d21da297-2d1c-4020-882f-059d99c29dc9.filesusr.com/ugd/3724a2_d22eca0ed1c8441d98e5d6843783d63f.pdf?index=true
- http://bavotuvezomevi.myartsonline.com/why_is_my_bunny_changing_colors.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000d787.bin37e980c26a2fba006cfe5300a57ffe954ff9292a00539ed64a54fe2eae10d41c |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xD787 | 5588 bytes |
font_01_sfnt_off0000ea67.bin179df41cf35dc610198d8da4a42a6f638316ee5a23c9a0ec3130185c723ed0ca |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xEA67 | 11320 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.