MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The PDF file was detected as malicious by ML classifiers and ClamAV, specifically as a phishing trojan. It contains an embedded URL that appears to be part of a phishing lure, disguised as a search result for a technical query. No scripts were extracted, but the presence of the malicious URL and the nature of the detection suggest a phishing attempt to redirect users to a malicious site.
Machine Learning
- Nyx PDF Classifier malicious score 0.9992
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://crophysi.ru/strik?utm_term=what+are+the+symptoms+of+a+bad+egr+sensor
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000f315.bin 28809725e88ad483b6c193ec759560072e4fa4cb38627397003516bb09fb2c3d | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF315 | 5676 bytes |
| font_01_sfnt_off00010646.bin 350c2e272c72b2297b3c05ab69cb26d335a87d4bec22879aba61454c6822120a | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10646 | 10944 bytes |