Verdict: SUSPICIOUS (Risk Score 36)

Malware Insights

MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The PDF contains an embedded URL that redirects to a suspicious domain, disguised as a legitimate document template. The ML classifier strongly indicates maliciousness, and the presence of external URIs suggests an attempt to download further content or redirect the user to a malicious site. No scripts were extracted, but the overall structure and embedded URI point to a phishing or credential harvesting attempt.
Machine Learning
- Nyx PDF Classifier: malicious score 0.9996
Heuristics (3)
- External URI (info, PDF_URI): PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - https://nipisod.ru/123?utm_term=navy+brag+sheet+template+2019 (PDF link annotation)
Extracted artifacts (3)
Files carved from inside the sample during analysis.

| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000e9ae.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE9AE | 12808 bytes | d46ecfaa2a0c536b1ed01c4546a43bda65d57792428c93e033961e5752f875f7 |
| font_01_sfnt_off000113d7.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x113D7 | 5984 bytes | ca8147ca2030c474eba7c1535d69533f9575b37d24426ded5ef68bc9bf12a1e3 |
| font_02_sfnt_off00012822.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x12822 | 11316 bytes | 0f5076ed5475ddcb2d440e0a11c192ca63d72400be9c7589852b88b8ac5fd4c5 |