Verdict: MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The PDF file was detected as malicious by ML classifiers and ClamAV, with a specific ClamAV signature indicating it's a phishing trojan. It contains an embedded URI pointing to a suspicious domain, which is likely used to host a malicious payload or phishing page. The document's metadata suggests it was generated by wkhtmltopdf, a tool often abused to create malicious PDFs.
Machine Learning
- Nyx PDF Classifier malicious score 0.9996
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://nipisod.ru/wix?keyword=case+scenarios+grocery+inc.powerpoint+presentations
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off000101ce.bin 2fee9bac7dfc172826adca9361d62c6f89f67103cc1db4ed0a650f4ce672aa35 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x101CE | 5200 bytes |
| font_01_sfnt_off000113a5.bin cf8d3f8540d5ecb527b704995e1f94d19e297b4953c97d6c679cd7573df3cfc9 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x113A5 | 11148 bytes |