MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF contains embedded URLs that mimic search engine results, a common lure for phishing or malware delivery. ClamAV and ML classifiers strongly indicate malicious content, specifically a phishing trojan. While no scripts were directly extracted, the PDF structure and embedded URIs suggest it is designed to redirect the user to malicious sites.
Machine Learning
- Nyx PDF Classifier malicious score 0.9995
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 [critical] CLAMAV_DETECTION: ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI [info] PDF_URI: PDF contains an external URL action
- Object number defined twice with different bodies [info] PDF_DUPLICATE_OBJ_BODY_INCREMENTAL: The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL [info] EMBEDDED_URL: One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://resalured.ru/wix?keyword=columbia+county+clerk+of+courts+wi
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000da65.bin b90a4702c057e65e57dcca047b658be818e99dc3353cc73c68eda3821615e993 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xDA65 | 5332 bytes |
| font_01_sfnt_off0000ec89.bin c7f2e42b88a36615b0bfc148c78c0d132680510e02edd146f95160e754961f7c | pdf-font-stream | PDF embedded font (sfnt) at offset 0xEC89 | 10476 bytes |