MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file was flagged as malicious by an ML classifier and ClamAV, indicating a high likelihood of malicious intent. The embedded URL and document body suggest a phishing attempt, masquerading as a property notice to trick users into visiting a malicious domain. No scripts were extracted, but the presence of external URIs points towards a downloader or phishing lure.
Machine Learning
- Nyx PDF Classifier malicious score 0.9997
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://seumenha.ru/wix?keyword=sample+notice+to+remove+vehicle+from+property
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000e99d.bin 861b4ff51bae33e8665b641840a47879e764e24e5f905e03124eae1f1c988997 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE99D | 5344 bytes |
| font_01_sfnt_off0000fbae.bin e1a5867582aa944092ee2c57cb57951fc5a6198731410246dc150e00b1958e32 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFBAE | 9868 bytes |