Verdict: MALICIOUS
Risk Score: 136

Malware Insights

MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The PDF file contains a lure related to a repair manual, which is a common tactic for phishing or malware distribution. The embedded URL, https://botokaw.ru/wix?keyword=1985+chevy+s10+repair+manual+pdf, is identified as an SEO redirector, likely leading to a phishing page. The ClamAV detection and ML classifier strongly indicate malicious intent, consistent with a phishing attack.
Machine Learning
- Nyx PDF Classifier: malicious score 0.9994
Heuristics (5)
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Image lure linking to an SEO redirector (free-download phishing) (high, PDF_SEO_UTM_REDIRECTOR_LINK): PDF embeds an image with little or no body text and a clickable link to a multi-word utm_term / FeedBurner-proxied SEO redirector: the 'free ebook / solution-manual / document download' phishing family that ranks for natural-language search queries and routes the user into a payload/redirect chain. The PDF carries no exploit; the risk is the linked destination. Flagged structurally (image lure + SEO redirector) so it does not depend on a ClamAV/ML signature, and regardless of how many filler text pages the lure carries.
- External URI (info, PDF_URI): PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://botokaw.ru/wix?keyword=1985+chevy+s10+repair+manual+pdf (PDF link annotation)
Extracted artifacts (2)
Files carved from inside the sample during analysis.

| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000f8c5.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF8C5 | 6132 bytes | 855b1d491787bcf9fb11e34b520964002f2addf10ba06c2a05740581da95a6ee |
| font_01_sfnt_off00010d8c.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10D8C | 10232 bytes | c7a96229e6547b833620516f876dc0ad9951596c4510295b55295cf2138b68a8 |