MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file contains an embedded URI pointing to a suspicious domain, which is likely part of a phishing or social engineering attempt. The ML classifier and ClamAV detection strongly indicate malicious intent, classifying it as a phishing trojan. The document body, though heavily obfuscated, contains text related to 'how to use laplink pcmover', suggesting a lure to a malicious URL.
Machine Learning
- Nyx PDF Classifier malicious score 0.9993
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (severity: critical, rule: CLAMAV_DETECTION). ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (severity: info, rule: PDF_URI). PDF contains an external URL action.
- Object number defined twice with different bodies (severity: info, rule: PDF_DUPLICATE_OBJ_BODY_INCREMENTAL). The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (severity: info, rule: EMBEDDED_URL). One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://queure.ru/pbw?utm_term=how+to+use+laplink+pcmover (channel: PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000d8ed.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xD8ED | 5256 bytes | 7eeb927808d43b4ea067c2a928d3ad58ec2718f8fd4c6200ebea055d52a4b80f |
| font_01_sfnt_off0000eacf.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xEACF | 10860 bytes | eec903c5d7c99a77a301f7aebc668b6a5f73d9914b4562570fb5c45f818410a3 |