MALICIOUS
96
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF file was flagged by a machine learning classifier and ClamAV as malicious, specifically as a phishing trojan. It contains an embedded URI pointing to a suspicious domain, likely intended to redirect the user to a malicious site. The document body, though heavily obfuscated, suggests a lure related to 'Sky wing 5.0', indicating a potential social engineering attempt.
Machine Learning
- Nyx PDF Classifier malicious score 0.9997
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://jumiwimov.ru/strik?utm_term=sky+wing+5.0
- http://opit.space/giponuvgbbgp.pdf
- http://clientbluebadge.com/mods_for_minecraft_ps4_download2ahvi.pdf
- https://cdn.sqhk.co/guzowozuk/igibhiA/groovo_video_effect_glitch_apk_free_download.pdf
- https://cdn.sqhk.co/ludozenidi/diiaLgj/pandora_streaming_music_radio_podcasts_apk.pdf
- http://storeyou.store/baggins_calorie_informatione7b5v.pdf
- http://bonboxstudio.com/principles_of_mathematical_analysis_3rd_edition_solutionslyv63.pdf
- http://nosinoski.shop/sofewumezagadelipijugs08g.pdf
- https://static.s123-cdn-static.com/uploads/4366040/normal_5ff829e70c73a.pdf
- https://cdn.sqhk.co/xamitarerivu/w5hAGjf/57942556514.pdf
- http://okrasote.info/sketchup_make_free_download_for_windows_108fd11.pdf
- http://lnstagramsecurity.net/what_is_rerum_novarum_about4qn5k.pdf
- http://lnstagramcopyrighthelps.com/30475651205ggq9y.pdf
- http://axecheat5.xyz/403851327297ne4i.pdf
- https://cdn-cms.f-static.net/uploads/4449768/normal_6015fe9bf2fb6.pdf
- https://cdn.sqhk.co/sowojusawepu/fcLichc/motogosewutaxetutokali.pdf
- https://cdn-cms.f-static.net/uploads/4453575/normal_603d73fd3db26.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://uploads.strikinglycdn.com/files/0e59cd04-a246-4981-8c84-907612a4c84c/goresorosegilumar.pdf
- https://uploads.strikinglycdn.com/files/a30df79a-3ae3-4ead-9134-f4c63f3b5404/tugirubitegoxefomoriwazu.pdf
- https://uploads.strikinglycdn.com/files/59d8321e-630e-42a6-ba48-146918b97890/kujesul.pdf
- https://uploads.strikinglycdn.com/files/8f210523-a0b0-4f8c-aea3-f64cee59d516/73855785019.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00013d9c.bin33eb1495ba04d961cf3804198bde944d6577e3a46d9d0047b31dba32c8afac2c |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x13D9C | 4996 bytes |
font_01_sfnt_off00014ee4.binfbf00172d9a86869af9f92765579fa0f7374f267a0aedc85f9e6a17b1b0a2f37 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x14EE4 | 10980 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.