MALICIOUS
96
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file was flagged as malicious by ML classifiers and ClamAV, indicating a high likelihood of malicious intent. It contains an embedded URI pointing to 'https://xezojetit.ru/wix?keyword=elvenar+strategy+guide', which is likely a phishing or malware distribution URL. The document body, though heavily obfuscated, suggests a lure related to 'Elvenar strategy guide', aligning with a phishing or social engineering attack pattern.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://xezojetit.ru/wix?keyword=elvenar+strategy+guide
- https://cdn.sqhk.co/gopilufifeda/eNEpPih/cannon_shooting_story.pdf
- https://static.s123-cdn-static.com/uploads/4492250/normal_5fc572a00c76e.pdf
- https://cdn-cms.f-static.net/uploads/4408993/normal_600f8a12e5428.pdf
- https://cdn-cms.f-static.net/uploads/4470679/normal_5fd26b5e9e06f.pdf
- http://pugisapi.mypressonline.com/nudekufuxeju.pdf
- http://kvyovk.xyz/after_book_series_box_setsiu3c.pdf
- http://monstergym.ru/setagasewupapikem165n2.pdf
- https://cdn.sqhk.co/posogamumut/hBkNvzi/30165996768.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://uploads.strikinglycdn.com/files/856ed8f3-8193-40c9-9afe-8e69e126c015/dinimogunetufe.pdf
- https://uploads.strikinglycdn.com/files/96a7348d-1e86-4246-848b-a1ff8334a471/xapanip.pdf
- https://uploads.strikinglycdn.com/files/4347c9ae-b64c-4c1a-a6d3-23513285948e/wedur.pdf
- https://569961a5-e6b5-462d-8b38-7193d5e7b20b.filesusr.com/ugd/a37a2e_8a84ef43d981453f90f85206e724bd0a.pdf?index=true
- http://vovakupalujum.onlinewebshop.net/88641016092.pdf
- https://uploads.strikinglycdn.com/files/e8ba85ce-78a4-4072-88c0-77efb4dbecd9/how_much_does_a_nba_sports_agent_make.pdf
- https://88211235-bf86-4d40-a6ec-a052db2f682e.filesusr.com/ugd/94e5ef_82f8470926094b84ba3bc10132519455.pdf?index=true
- https://b86313a8-447b-404d-ae6d-bc69740d899e.filesusr.com/ugd/e54fc7_deb1a54d499d455aa25e8f9f77df9ece.pdf?index=true
- https://uploads.strikinglycdn.com/files/74003c2c-2c78-44fa-b22f-426cb7804ea3/how_to_see_log_table_in_hindi.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00024a48.bin216f0480384ba5badec545074bf2d3388d64650628c9a39aab1ea9533f6a82e3 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x24A48 | 5112 bytes |
font_01_sfnt_off00025bca.bin5fe60f95b3c820cb32849af51131c6feef8ab65c382eeae0c6b202c95d5d488b |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x25BCA | 10912 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.