MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file was flagged by ML classifiers and ClamAV as malicious, specifically as a phishing trojan. It contains multiple embedded URLs, one of which is directly referenced in the heuristic findings, suggesting an attempt to redirect the user to a malicious site. The document body, though heavily obfuscated, contains keywords related to the Bible, likely as a lure.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://leonvi.ru/award?keyword=holy+bible+old+testament+pdf
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0001a29f.bin (7fcd8d14a8d01ed84b68e38e277beffb318436ad2c3febb82a77d1fce344cf93) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1A29F | 5292 bytes |
| font_01_sfnt_off0001b494.bin (c167e2eacff154a57f1e1709c72211977ac0107a5ca7358031b7c4459e061a2d) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1B494 | 13944 bytes |