MALICIOUS
96
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF document contains an embedded URI that directs users to a suspicious domain, likely for phishing or malware distribution. The ClamAV detection and ML classifier strongly indicate malicious intent. While no scripts were explicitly extracted, the presence of external URIs within a PDF often implies an attempt to execute embedded JavaScript or exploit a vulnerability to download and run a second-stage payload.
Machine Learning
- Nyx PDF Classifier malicious score 0.9997
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://vilenefex.ru/123?utm_term=cghs+card+form+for+pensioners
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000df56.bin 98fca60cb702e7bb3e48de408cdc1a06d2e202ab2a31a591a0a1a95ceb90cc84 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xDF56 | 5268 bytes |
| font_01_sfnt_off0000f114.bin 8bc49a4a67a3d57437736fc0c077472d81e98076ce83e91294c7f1abcb44ab53 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF114 | 10800 bytes |
| font_02_sfnt_off000115f4.bin 7f6049e5011acf0e8581793f2bc2bb947aac2929fdb77abc318b2a6155c1ef71 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x115F4 | 4324 bytes |