MALICIOUS
96
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The sample is a PDF file flagged by ClamAV as Pdf.Phishing.Trojan. The presence of an external URI pointing to 'jumiwimov.ru' suggests a phishing or malware distribution attempt. Although no scripts were explicitly extracted, the PDF structure and the ML classifier's high confidence indicate malicious intent, likely to trick users into visiting a malicious site.
Machine Learning
- Nyx PDF Classifier malicious score 0.9996
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://jumiwimov.ru/strik?utm_term=burris+eliminator+3+programming
- http://mexicotop.xyz/malidudefevevofigidolega5meuf.pdf
- http://belkwigs.com/parent_functions_worksheet_all_things_algebrannxyq.pdf
- http://lnstagram-verifedbadge.com/759957060480n4f.pdf
- https://cdn.sqhk.co/pakebisas/ws1ifie/29469212992.pdf
- https://cdn.sqhk.co/lemisobe/RjiQjaP/27339837119.pdf
- https://cdn.sqhk.co/tizuvuwo/3jcdje7/project_manager_definition_apm.pdf
- http://slimitalia.space/give_me_liberty_summary_chapter_1692npr.pdf
- http://clientesdkb.com/what_are_the_5_survival_needs_of_the_human_bodytx0c8.pdf
- http://rbqjkwklnd.xyz/how_to_set_up_my_spectrum_remote_to_my_samsung_tvtog5q.pdf
- http://xsafak.com/36949216055f2n6f.pdf
- https://cdn.sqhk.co/leperanurosi/jxohigd/72874804202.pdf
- https://cdn.sqhk.co/fugapaloter/dPhieTX/ritubu.pdf
- http://monoga.space/devemo2jf21.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://s3.amazonaws.com/redegelesibif/sap_data_warehouse_concepts.pdf
- https://s3.amazonaws.com/gazivemon/cloud_nine_definition_slang.pdf
- https://s3.amazonaws.com/kufazete/76348855765.pdf
- https://uploads.strikinglycdn.com/files/12923859-735f-4c59-b342-6ede3519acff/38878061376.pdf
- https://s3.amazonaws.com/welanisowari/lumosity_app_apk.pdf
- https://s3.amazonaws.com/fatikonavori/principles_of_mathematical_analysis_2nd_edition.pdf
- https://s3.amazonaws.com/lebaxa/windows_xp_format_cd_si.pdf
- https://s3.amazonaws.com/vososasoxumete/tonijaxurogowa.pdf
- https://uploads.strikinglycdn.com/files/44b40dc9-eb16-437e-9520-ef7077ebc90f/75431016189.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00015b64.bin34b893753c9e1e32e7a9473acbebd0f9ae4ae91a742a71154e49ebcf0d8d6c82 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x15B64 | 5352 bytes |
font_01_sfnt_off00016d80.bin5ed1ffd16ad3c8ee5c487da8500d187c5e6f0703901059705c945b3eee7d6a6d |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x16D80 | 12180 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.