MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK: T1566.001 Spearphishing Attachment
The file is identified as malicious by ML classifiers and ClamAV, with a specific ClamAV detection name indicating it is a phishing trojan. The PDF contains an embedded URI pointing to a suspicious domain, which is likely intended to trick the user into visiting a malicious site. No scripts were extracted, but the presence of an external URI suggests a phishing or credential harvesting attempt.
Machine Learning
- Nyx PDF Classifier malicious score 0.9947
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 [critical] CLAMAV_DETECTION: ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI [info] PDF_URI: PDF contains an external URL action
- Object number defined twice with different bodies [info] PDF_DUPLICATE_OBJ_BODY_INCREMENTAL: The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL [info] EMBEDDED_URL: One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://oniceh.ru/square?utm_term=social+function+of+biography+text
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00011dcf.bin 977b91e79854a1be447ee42a8d2862f8e56bf68ded59d656754e3035b3e5d1fe | pdf-font-stream | PDF embedded font (sfnt) at offset 0x11DCF | 16836 bytes |
| font_01_sfnt_off000149c3.bin 666aea0c57ee13e9b8b8924f8dfd6093610a4ca35c0e75e4cd96c8599b4fd824 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x149C3 | 11124 bytes |
| font_02_sfnt_off00016380.bin 9d2294e344127da9ddc2b77d68b1576b6b78373885bc9da2859f180a98f2c1e1 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x16380 | 16792 bytes |