MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file triggers heuristics indicating that it is malicious and a phishing attempt. It embeds a URL that mimics search results for a popular TV show, likely to trick users into clicking it. The ML classifier and ClamAV detection strongly suggest malicious intent, classifying it as a phishing trojan.
Machine Learning
- Nyx PDF Classifier malicious score 0.9990
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - URL https://jumiwimov.ru/123?utm_term=californication+season+5+subtitles (PDF link annotation)
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off000100aa.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x100AA | 5904 bytes | 31344f5fc32ca79cda44858a56ba8d78796d107e19c32b277a69d0a9b9d446d5 |
| font_01_sfnt_off0001151c.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1151C | 5044 bytes | c661f6c61540ce131cff2044007ee54664d3f8d11ffdbc2b53728560ae8e4399 |
| font_02_sfnt_off00012656.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x12656 | 13088 bytes | d067455704c8cd6b13b7a0db457564ab98a17e5945c36643df0a6119daaa7bc0 |