MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file was flagged by multiple heuristics and a machine learning classifier as malicious, with ClamAV specifically identifying it as a phishing trojan. The embedded URL points to a suspicious domain, likely serving as a lure to a phishing or malware distribution site. The document body, though heavily obfuscated, contains references to a 'Brother p-touch' label maker, suggesting a social engineering pretext.
Machine Learning
- Nyx PDF Classifier malicious score 0.9995
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://nipisod.ru/strik?utm_term=brother+p-touch+pt-h100+rotuladora+electr%25C3%25B3nica
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000df32.bin 46d94bfe2abbd555ee6bf09dcf7cc688448ed87c02b38cf02ead4e1065b96787 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xDF32 | 5392 bytes |
| font_01_sfnt_off0000f14f.bin c2b39d2772ceda80231c9e551779c9638bce3fd7813a0b06a0ec04956dcf9679 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF14F | 12828 bytes |