Verdict: MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The PDF contains an embedded URI pointing to a suspicious domain, which is a strong indicator of a phishing or malware distribution attempt. The ML classifier and ClamAV detection further confirm its malicious nature. The document body, though heavily obfuscated, suggests a lure related to maps, likely to trick users into visiting the malicious URL.
Machine Learning
- Nyx PDF Classifier malicious score 0.9997
Heuristics (4)
- ClamAV (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | SHA-256 | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off0000eb7c.bin | bba82b2496e7f7fb3683c4e190c8fe344241b81cb2b70beabbb382885334fc33 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xEB7C | 5232 bytes |
| font_01_sfnt_off0000fd2a.bin | 789fd2dafcae00fad3e46a54f7d4ff5887e6ac7be14b2e63620d6fbc066f64ef | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFD2A | 10740 bytes |