MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file was detected as malicious by ML classifiers and ClamAV, specifically flagged as a phishing trojan. It contains numerous embedded URLs, with one prominent URL suggesting a lure related to an 'answer key'. The presence of these URLs and the overall detection indicate a phishing or malware distribution attempt, likely using the document as a lure to redirect users to malicious sites.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://lozipotod.ru/wix?keyword=october+sky+answer+key
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00012038.bin 8bfa5e8506bbac3c936082abc53af3c27612f4f6da0a2be8ee2b80dca5530909 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x12038 | 5188 bytes |
| font_01_sfnt_off00013205.bin 7f22944f505e58d780f7b389be9acb1dab1416834e86ddaa74b0ac48bb7c7a13 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x13205 | 10688 bytes |