MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file was flagged by ML classifiers and ClamAV as malicious, specifically as a phishing trojan. It contains an embedded URI pointing to 'resalured.ru', which is likely a phishing or malware distribution site. The document body, though heavily obfuscated, suggests a lure related to academic notes, aligning with common phishing tactics.
Machine Learning
- Nyx PDF Classifier malicious score 0.9992
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://resalured.ru/award?keyword=bcs+theory+notes+pdf
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00011f7a.bin (26decbd9ca9a23557e841f5ca45a2d47c9bfad4d69fe16fc77b35963632fcbfd) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x11F7A | 5152 bytes |
| font_01_sfnt_off0001310d.bin (1ce6b396cc7f28c27ae366b0eafed58341d4e910c2d2d99589def4d26d256e74) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1310D | 12076 bytes |