Verdict: MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file was flagged by ML classifiers and ClamAV as malicious, indicating a high probability of malicious intent. It contains an embedded URL pointing to 'bologen.ru', which is likely part of a phishing or malware distribution scheme. The document body, though partially corrupted, suggests a lure related to 'how to smoke a brisket', which is a common tactic to disguise malicious content. No scripts were extracted, but the presence of multiple suspicious URLs suggests a phishing or credential harvesting attempt.
Machine Learning
- Nyx PDF Classifier malicious score 0.9952
Heuristics (4)
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted URLs (channel in parentheses):
- https://bologen.ru/strik?utm_term=how+to+smoke+a+brisket+in+the+big+easy (PDF link annotation)
- http://mists.space/marketing_planner_job_descriptionze0g8.pdf (in PDF document text)
- http://fresh-ita.fun/kuridikukutotiwupbdct4.pdf (in PDF document text)
- https://cdn.sqhk.co/jomurozop/eidA4ja/fofumofuxutapedowikowenul.pdf (in PDF document text)
- http://famozosivupiwij.sportsontheweb.net/25019073973.pdf (in PDF document text)
- http://abreudesigns.com/is_epic_emr_hard_to_learnmgevd.pdf (in PDF document text)
- https://cdn.sqhk.co/sipebesoxu/gjpcJjg/tozogivubimafoduvoge.pdf (in PDF document text)
- http://fresh-ita.fun/astrokings_space_battles_real-_time_strategy_mmo6nu8x.pdf (in PDF document text)
- http://tokio-2020.fun/gefasuxxydr6.pdf (in PDF document text)
- https://cdn.sqhk.co/wabasenenem/grLiije/retro_game_reviews_youtube.pdf (in PDF document text)
- http://fbcopyright-center.com/remapa21usi.pdf (in PDF document text)
- https://cdn.sqhk.co/gixenako/pJibhg4/tapumojojiletib.pdf (in PDF document text)
- http://gozimudowojuzun.mypressonline.com/czasy_teraniejsze_jzyk_angielski.pdf (in PDF document text)
- http://ipatovaalena.ru/watts_premier_replacement_filter_kiti5ct6.pdf (in PDF document text)
- http://idealicaitalia.website/394785454967z191.pdf (in PDF document text)
- http://moneymaya.site/how_to_get_tv_code_for_samsung_tvszqy1.pdf (in PDF document text)
- http://bit7.top/xunumivam7895q.pdf (in PDF document text)
- http://www.ascendercorp.com/ (in PDF document text)
- http://www.ascendercorp.com/typedesigners.html (in PDF document text)
- http://www.daltonmaag.com/ (in PDF document text)
- https://s3.amazonaws.com/vebogotexaf/elite_dangerous_horizons_combat_guide.pdf (in PDF document text)
- https://s3.amazonaws.com/fixararololu/introduction_to_differential_topology.pdf (in PDF document text)
- https://s3.amazonaws.com/pazerogasarinu/grant_decline_letter_template.pdf (in PDF document text)
- https://s3.amazonaws.com/nevovumowa/star_wars_the_essential_atlas.pdf (in PDF document text)
- https://s3.amazonaws.com/metakibeme/bipubefuja.pdf (in PDF document text)
- https://s3.amazonaws.com/jezekemunidup/hotel_rwanda_questions_answers.pdf (in PDF document text)
- https://s3.amazonaws.com/fekife/nikon_m_223_1-4_review.pdf (in PDF document text)
- https://s3.amazonaws.com/kelukakeb/fondant_baby_shoe_template_free.pdf (in PDF document text)
- http://firiwigisu.atwebpages.com/american_cinematographer_magazine_2020.pdf (in PDF document text)
- https://s3.amazonaws.com/xifabilejilab/maluzuzela.pdf (in PDF document text)
- http://www.w3.org/1999/02/22-rdf-syntax-ns# (in PDF document text)
- http://purl.org/dc/elements/1.1/ (in PDF document text)
- http://ns.adobe.com/pdf/1.3/ (in PDF document text)
- http://ns.adobe.com/xap/1.0/ (in PDF document text)
- http://ns.adobe.com/xap/1.0/mm/ (in PDF document text)
- http://ns.adobe.com/xap/1.0/rights/ (in PDF document text)
- http://scripts.sil.org/OFL (in PDF document text)
- http://dejavu.sourceforge.net (in PDF document text)
- http://dejavu.sourceforge.net/wiki/index.php/License (in PDF document text)
Extracted artifacts (4)
Files carved from inside the sample during analysis.

| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off00018852.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x18852 | 5216 bytes | fcc37052b3dfb162cf11b9a3810f123e11f26a40bf3f0e03f89ca7d93b3d9200 |
| font_01_sfnt_off000199ed.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x199ED | 12388 bytes | f3f427bfbd660dd181ff4aee761e989e94c6427b166dd0a2876bf3369e414776 |
| font_02_sfnt_off0001c372.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1C372 | 16244 bytes | 2a86a2fa1d1e53b46191496c64707bc719c518660bffdb32115f09414204d62b |
| font_03_sfnt_off0001d8ec.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1D8EC | 4324 bytes | 0d0f64e27578eb124b8bc81c7eceacdd166e22eddd95c81328e9fbd7de2a6333 |