MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The file is a PDF document that contains an embedded URL pointing to a suspicious domain, identified by heuristics and a machine learning classifier as malicious. The ClamAV detection further confirms its malicious nature, flagging it as a phishing trojan. The document body, though heavily obfuscated, suggests a lure related to 'absolute value inequalities test pdf', likely a pretext to drive the user to the malicious URL.
Machine Learning
- Nyx PDF Classifier malicious score 0.9997
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://dafemum.ru/award?keyword=absolute+value+inequalities+test+pdf
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000e37d.bin 23c25fba41259f7b98eb92d485fcb08b83d47d85fb2300eca9bb9b1f5c8956a9 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE37D | 5252 bytes |
| font_01_sfnt_off0000f572.bin e25c6fd714bc90eee4664abc44c8f47b181ef811be7d6339a2df4731c3103a04 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF572 | 11276 bytes |