MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The file is identified as malicious by ClamAV and an ML classifier, with a heuristic indicating an external URI. The embedded URL 'https://ponafet.ru/award?keyword=muscle+workout+pdf' suggests a phishing or social engineering lure. Although no scripts were explicitly extracted, the PDF structure and the presence of external links are common in phishing campaigns.
Machine Learning
- Nyx PDF Classifier malicious score 0.6505
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
- https://ponafet.ru/award?keyword=muscle+workout+pdf (PDF link annotation)
Extracted artifacts 6
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0002882c.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x2882C | 16344 bytes | 294722a4b84ff56acee226f3e3b98def366435505aaada7f23beb1229a928e2a |
| font_01_sfnt_off0002b650.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x2B650 | 5468 bytes | df45d43e6251523beaa5e7a17a29490af43bbdea30ff25b3470af53bc05dd79e |
| font_02_sfnt_off0002c922.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x2C922 | 1888 bytes | 40ec050d1c199089d0417cd4c41d455703d8b9296c950e5bcf83f91bbe6a4a65 |
| font_03_sfnt_off0002d250.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x2D250 | 5100 bytes | a006cd6aa3406cd3a8b415671fe5af7dd86212111ae16536af614a9c1c5c1115 |
| font_04_sfnt_off0002e3de.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x2E3DE | 14164 bytes | 42bfa54739e926bf5b81b435c7f22799f1335d4ecc6ceb4c6edb807cc7f95bba |
| font_05_sfnt_off00031225.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x31225 | 16228 bytes | 3e2dd80738af7f299af9002be229f9149716300506d931e049d1084dcd9e38ac |