MALICIOUS
96
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file was detected as malicious by ClamAV and an ML classifier, indicating a high likelihood of malicious intent. It contains an embedded URI pointing to 'https://soxebez.ru/award?keyword=the+haunting+of+hill+house+pdf+free', which is likely a phishing or malware distribution lure disguised as a search result. The document body, though heavily obfuscated, contains references to wkhtmltopdf and a date, suggesting it was generated programmatically. No scripts were extracted, but the presence of external URIs and the overall malicious verdict strongly suggest an attempt to redirect the user to a malicious site.
Machine Learning
- Nyx PDF Classifier malicious score 0.9997
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://soxebez.ru/award?keyword=the+haunting+of+hill+house+pdf+free
- http://alexandreablog.com/the_great_gilly_hopkins_movie_plotejruq.pdf
- http://kinokaiff.space/co_teacher_job_descriptionchozm.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://s3.amazonaws.com/padadutiseni/blackburn_college_apprenticeship_application_form.pdf
- https://s3.amazonaws.com/xamapebonijos/92044138745.pdf
- https://s3.amazonaws.com/gedexim/20992423636.pdf
- https://s3.amazonaws.com/buwosevax/cognitive_psychology_professor_jobs.pdf
- https://s3.amazonaws.com/jijari/85568273687.pdf
- https://s3.amazonaws.com/vaxebisapesi/nunobuzinesowitoma.pdf
- http://nanexufagaw.epizy.com/what_are_examples_of_sight_words.pdf
- https://s3.amazonaws.com/tinivukedeta/sepigonomo.pdf
- https://s3.amazonaws.com/xoxaneral/24317317968.pdf
- https://s3.amazonaws.com/busutafitufe/12259012422.pdf
- https://uploads.strikinglycdn.com/files/06a3ea7a-c310-41b0-a9ec-ace4cdd3ee4e/how_to_start_a_pellet_stove_with_gel.pdf
- https://s3.amazonaws.com/goviwigax/denepejeroluwolifu.pdf
- https://uploads.strikinglycdn.com/files/d7b42732-b639-41b6-b531-d2643ffc02be/79130402237.pdf
- https://uploads.strikinglycdn.com/files/515797b6-790f-48a2-ac96-af515f8ec85f/war_of_the_worlds_tv_cast_2019.pdf
- https://s3.amazonaws.com/zumezeviwakiz/best_ppt_templates_free_fppt.pdf
- http://zazupixuwup.rf.gd/xitixadekitibixosarivi.pdf
- https://s3.amazonaws.com/juzowilipi/muzutupi.pdf
- http://semiwexojexudu.epizy.com/logical_fallacies_in_the_crucible_worksheet.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000e1ca.bin66de512a24b6bacc9c149b282e89d854cb580b1f8de3b237a1688b8858d6e53d |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xE1CA | 5252 bytes |
font_01_sfnt_off0000f3a4.bind0f777d3447ed4bcc8b452dc2d41c6802ee29626be3a998fa5b30b903c9bcc71 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xF3A4 | 10240 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.