MALICIOUS
Risk Score: 66
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The file is identified as malicious by ClamAV with a 'Pdf.Phishing.Trojan' signature. It contains an embedded URI pointing to a suspicious domain, likely intended to trick the user into downloading a payload or visiting a phishing site. The document body, though heavily obfuscated, contains text that appears to be a lure related to 'Chimaira resurrection'.
Machine Learning
- Nyx PDF Classifier clean score 0.1590
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://resalured.ru/123?utm_term=chimaira+resurrection++rar (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off000e9cda.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE9CDA | 4912 bytes | 4f6d620bc858b9facb4dca9c6bf33b2630fb15c1a340492628a353a491581471 |
| font_01_sfnt_off000ead5f.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xEAD5F | 23788 bytes | 79205fff88c3c6a02560c12755963671f91a8f3322117d966d898112054369cc |