MALICIOUS
96
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF file was detected as malicious by ML classifiers and ClamAV, indicating a phishing or trojan payload. It contains an embedded URI pointing to a suspicious domain, likely intended to redirect the user to a malicious site. The document body, though heavily obfuscated, appears to be a lure related to a search query, suggesting a phishing attempt.
Machine Learning
- Nyx PDF Classifier malicious score 0.9926
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://leonvi.ru/strik?utm_term=what%2527s+another+word+for+political+alliance PDF link annotation
- https://bopevifobomamak.weebly.com/uploads/1/3/0/8/130814579/zefonako-xexorozutej-regumogoma.pdfIn PDF document text
- https://moluxoket.weebly.com/uploads/1/3/2/6/132682852/e72f40d39f5965.pdfIn PDF document text
- https://static.s123-cdn-static.com/uploads/4366969/normal_5ff71a3b30799.pdfIn PDF document text
- http://zomoxesami.22web.org/commercial_settlement_agreement_template_uk.pdfIn PDF document text
- http://gogejevi.iblogger.org/34526912319.pdfIn PDF document text
- http://wotomonexu.22web.org/bry_air_dehumidifier_manual.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4479226/normal_604cd19d52212.pdfIn PDF document text
- http://www.ascendercorp.com/In PDF document text
- http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
- https://uploads.strikinglycdn.com/files/5f13cb02-2737-4cc7-a7a2-9f5f49c42ca8/what_solution_can_i_use_in_my_hoover_floormate.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/a9d6c09c-466b-4fbc-9737-f7a48b409400/vakurubifadelesobumevo.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/fb4362a9-b1db-4c4e-9552-2a4117e0a6c5/dyson_dc59_filter.pdfIn PDF document text
- http://kusogit.rf.gd/rusopozosanexewu.pdfIn PDF document text
- http://gejepif.epizy.com/51513713590.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/7d2b2a45-a98b-4393-a4ab-46b6bd121c6e/64997037142.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/c8a5058f-c013-4684-9270-bdf96353afcf/theseus_and_the_minotaur_hades.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/975e4d3e-bf2e-46d6-86f7-509f34835402/whats_the_difference_between_pass_by_reference_and_pointers.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/9b4ff6ac-f5fd-4681-9f8f-eb324cf66f01/what_is_the_sum_of_infinite_geometric_series_3_4.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/4f46ca0d-e0b6-4a58-b954-84d468325f7b/lost_in_yonkers_play_cast.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/1c243b68-9844-45c5-afb4-956548a3a169/belchior_divina_comdia_humana_significado.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/1ad61b54-9133-4acb-975f-4e976ddba4c4/what_are_the_5_positions_in_basketball_and_what_do_they_do.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/9f733af1-f348-4841-87e6-049134f89747/omron_hbf-306c_handheld_body_fat_loss_monitor.pdfIn PDF document text
- http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
- http://purl.org/dc/elements/1.1/In PDF document text
- http://ns.adobe.com/pdf/1.3/In PDF document text
- http://ns.adobe.com/xap/1.0/In PDF document text
- http://ns.adobe.com/xap/1.0/mm/In PDF document text
- http://ns.adobe.com/xap/1.0/rights/In PDF document text
- http://scripts.sil.org/OFLIn PDF document text
- http://dejavu.sourceforge.netIn PDF document text
- http://dejavu.sourceforge.net/wiki/index.php/LicenseIn PDF document text
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0002e508.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x2E508 | 5380 bytes |
SHA-256: 733229321ba07d864041bb6bbed84c82b468eb0a6edc218ad1d0b56f86807998 |
|||
font_01_sfnt_off0002f772.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x2F772 | 15064 bytes |
SHA-256: 33e770207baabd8327a57bd2dd07ffaad49eb648d5422d6328779af227c5f79d |
|||
font_02_sfnt_off0003267e.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x3267E | 16060 bytes |
SHA-256: 503f5200e83b189a546b6c6e1d808633a9135186956fe76ff9bd78de3d91e3c6 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.