MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The file is identified as malicious by ClamAV and an ML classifier, with a high risk score. It contains an embedded URI pointing to a suspicious domain, likely intended to host a phishing or malware payload. The document body, though heavily obfuscated, suggests a lure related to 'pneumatic tires and wheels'. No scripts were extracted, but the presence of an external URI and the nature of the ClamAV detection indicate a phishing or trojan distribution attempt.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://bologen.ru/award?keyword=pneumatic+tires+and+wheels+pdf
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000d750.bin 25db9d9fff262c368393c02e261586bcd0155dae875921b4f75215cefc7831e4 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xD750 | 5488 bytes |
| font_01_sfnt_off0000e9dc.bin 92aa763b575acb0b9ba23a579b5ec042ab77d504d582c96e48eb6bd18e25dbab | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE9DC | 10248 bytes |