MALICIOUS
96
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF file was flagged by a machine learning classifier and ClamAV as malicious, specifically as a phishing trojan. It contains an embedded URL pointing to 'ponafet.ru', which is likely part of a phishing campaign. Although no scripts were explicitly extracted, the PDF structure and embedded URLs suggest an attempt to redirect the user to a malicious site, likely for credential harvesting or malware delivery.
Machine Learning
- Nyx PDF Classifier malicious score 0.9996
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ponafet.ru/strik?utm_term=how+to+turn+on+a+gas+water+heater+pilot+light
- http://9gusevshop.space/veritakonrlqi.pdf
- https://cdn-cms.f-static.net/uploads/4470228/normal_60510f3cd89fa.pdf
- https://static.s123-cdn-static.com/uploads/4375209/normal_5fee182fe53d9.pdf
- https://static.s123-cdn-static.com/uploads/4455890/normal_5fd03309a2313.pdf
- https://static.s123-cdn-static.com/uploads/4385435/normal_5fe589cc7fd61.pdf
- http://changely.club/23593586807s5osh.pdf
- https://static.s123-cdn-static.com/uploads/4481058/normal_5ff9e951e5acc.pdf
- http://haifaiv.ru/understanding_cryptography_springerim089.pdf
- https://cdn-cms.f-static.net/uploads/4388163/normal_5fe99e02f1d73.pdf
- http://mp4.design/katebunizegeribabebuxosatgihn7.pdf
- https://static.s123-cdn-static.com/uploads/4480878/normal_5fdefd1c02bde.pdf
- http://sellforce.ru/lovisujurujisutisezgxe0.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://uploads.strikinglycdn.com/files/204fd217-c482-442a-a675-ae1ed6207c5f/13706079535.pdf
- http://kovemipenege.rf.gd/7413844539.pdf
- http://burevomekevi.rf.gd/34220597914.pdf
- http://rifufogasuser.rf.gd/ligomisoxiwexotu.pdf
- https://uploads.strikinglycdn.com/files/53482f49-9e2e-465a-9e79-1e105e7ce23d/50497130286.pdf
- https://uploads.strikinglycdn.com/files/d16069ad-9bdf-4195-8fcb-08e37a238773/how_to_fix_a_broken_pallet_jack.pdf
- https://07d68bf2-0661-47e2-9ffe-eae068a071af.filesusr.com/ugd/fef806_6ff7e5882f4f411faeb60a9eacb5adf9.pdf?index=true
- https://uploads.strikinglycdn.com/files/a2651831-addf-4813-9e97-9d8a694730c5/kepojup.pdf
- http://gaxijejazaxedaj.epizy.com/how_to_calculate_salary_adjusted_for_inflation.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000db2c.binf1eee3260f6fbdf41007e462e37b149e4c07f321a99a4d22a3abbbb93f33e0b5 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xDB2C | 5136 bytes |
font_01_sfnt_off0000ecb2.bin9c088f62a29d35fc66677ce0494853147a57439047552af012facc9fbd2eb361 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xECB2 | 11252 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.