Verdict: MALICIOUS
Risk Score: 136

Malware Insights

MITRE ATT&CK:
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The PDF file was flagged by ClamAV as a phishing trojan and a machine learning classifier indicated a high probability of maliciousness. The heuristic 'SE_PASSWORD_ARCHIVE_LURE' suggests the document is designed to trick users into opening a password-protected archive, a common tactic to bypass security scans. The embedded URL points to a domain that is likely part of the distribution infrastructure for this malicious document.
Machine Learning
- Nyx PDF Classifier: malicious score 0.9719
Heuristics (5)
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- Password-protected archive handoff (high, SE_PASSWORD_ARCHIVE_LURE): Document gives password instructions for an archive or attachment; this is often used to keep payloads encrypted until after gateway scanning
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - https://pelibifir.ru/award?keyword=fundamentos+de+caldeiraria+e+tubula%25C3%25A7%25C3%25A3o+industrial+pdf (PDF link annotation)
  - http://lavka-karamel.ru/gusopanigujuzo2r8.pdf (in PDF document text)
  - http://fsfsfd.xyz/fitasatigaxifebegu813z1.pdf (in PDF document text)
  - https://kuxiwidozerapi.weebly.com/uploads/1/3/4/7/134728536/3ce636ba74e92f5.pdf (in PDF document text)
  - https://moxuronanupew.weebly.com/uploads/1/3/4/5/134597487/2060764.pdf (in PDF document text)
  - http://supariwepexafat.mywebcommunity.org/what_does_classification_of_word_mean_in_root.pdf (in PDF document text)
  - http://nigoguno.scienceontheweb.net/82586152915.pdf (in PDF document text)
  - http://duwelizub.mywebcommunity.org/65223641361.pdf (in PDF document text)
  - https://wopinifem.weebly.com/uploads/1/3/4/8/134884590/765e58846de997.pdf (in PDF document text)
  - https://naxaletuzo.weebly.com/uploads/1/3/4/5/134508506/2473810.pdf (in PDF document text)
  - http://usersdeviceprotectionservice.site/call_of_cthulhu_7er4uxt.pdf (in PDF document text)
  - https://rezibufebaxiban.weebly.com/uploads/1/3/2/6/132695258/loloxenode.pdf (in PDF document text)
  - http://bristol-yalta.run/tawuruxipopogoluhk9bq.pdf (in PDF document text)
  - http://www.ascendercorp.com/ (in PDF document text)
  - http://www.ascendercorp.com/typedesigners.html (in PDF document text)
  - http://www.daltonmaag.com/ (in PDF document text)
  - https://uploads.strikinglycdn.com/files/33a3e8d5-8edb-42e7-8483-8cfcc1e62824/bayliner_element_16_owners_manual.pdf (in PDF document text)
  - https://0dea665b-aaaa-42f3-a52c-f86f0fd1efa2.filesusr.com/ugd/8b9728_af6bf56aaa1a4ef09437f59418137cae.pdf?index=true (in PDF document text)
  - https://070488ba-e3d9-4c74-834b-445551f5513c.filesusr.com/ugd/fb83f1_3db1d685d88146f58d2bfdacd33f07f4.pdf?index=true (in PDF document text)
  - https://ce3a146a-d504-4efb-981c-4593fb85d965.filesusr.com/ugd/5b5da7_5792d97d206b463a85fd4335daa0c90b.pdf?index=true (in PDF document text)
  - https://083189c9-8220-4687-a375-57be19a37228.filesusr.com/ugd/909b15_076c4c3b954d46e0a7d9324aaaf87b87.pdf?index=true (in PDF document text)
  - http://xowobovu.myartsonline.com/widuzidebipovuxiperanu.pdf (in PDF document text)
  - https://0e818273-c791-4c7a-b20f-750474b78fe4.filesusr.com/ugd/362633_ed148136e0f94f91a253e2d6589dcd8b.pdf?index=true (in PDF document text)
  - https://dae57379-2785-4108-a223-4562ecbfc22e.filesusr.com/ugd/87ad98_63f8c19313b9425d8d4a9ca37e2e3403.pdf?index=true (in PDF document text)
  - https://0879403c-3be5-48e4-925f-21334a7d5cfe.filesusr.com/ugd/407fcc_035b2ec95b354e89892bd9de143bba80.pdf?index=true (in PDF document text)
  - https://uploads.strikinglycdn.com/files/9cf2bb2e-bfad-42c3-89d2-b561bf04d16f/19733658999.pdf (in PDF document text)
  - https://15319a82-8c66-4906-b3c2-464277991f2b.filesusr.com/ugd/070acf_38b56afae9414b98932978ad5653a0f2.pdf?index=true (in PDF document text)
  - http://www.w3.org/1999/02/22-rdf-syntax-ns# (in PDF document text)
  - http://purl.org/dc/elements/1.1/ (in PDF document text)
  - http://ns.adobe.com/pdf/1.3/ (in PDF document text)
  - http://ns.adobe.com/xap/1.0/ (in PDF document text)
  - http://ns.adobe.com/xap/1.0/mm/ (in PDF document text)
  - http://ns.adobe.com/xap/1.0/rights/ (in PDF document text)
  - http://scripts.sil.org/OFL (in PDF document text)
Extracted artifacts (4)
Files carved from inside the sample during analysis.

| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off00049433.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x49433 | 5776 bytes | dbfc0c30fd8b611e5bf0944d707ed182ee3af4db7d9b99704d76a6efd03d48bf |
| font_01_sfnt_off0004a6a2.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x4A6A2 | 1188 bytes | d3d231495597af5711920d393cff225ac786ee6cbe8e23216d4c3e2b5c9499f8 |
| font_02_sfnt_off0004ad77.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x4AD77 | 19272 bytes | f11140a242fc75880ec0483a96b22a0f5cc5265293d226b3fba200e05fa8a986 |
| font_03_sfnt_off0004e3fd.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x4E3FD | 4324 bytes | 0d0f64e27578eb124b8bc81c7eceacdd166e22eddd95c81328e9fbd7de2a6333 |