MALICIOUS
96
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The file is identified as malicious by ML classifiers and ClamAV, with a critical heuristic firing for ClamAV detection. An external URI pointing to 'leonvi.ru' was extracted, suggesting a phishing or malware distribution attempt. While no scripts were explicitly extracted, the PDF structure and the presence of an external URL indicate a likely attempt to redirect the user to a malicious site, potentially for further exploitation.
Machine Learning
- Nyx PDF Classifier malicious score 0.9796
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://leonvi.ru/award?keyword=an%25C3%25A1lise+sint%25C3%25A1tica+visual+ernani+pimentel+pdf
- https://cdn-cms.f-static.net/uploads/4408707/normal_604cd898aaff8.pdf
- https://static.s123-cdn-static.com/uploads/4473062/normal_5fc924ecd8845.pdf
- http://politach.com/2875143173ohgmt.pdf
- http://lifeit.pro/wodugiwakariwevkur0h.pdf
- https://static.s123-cdn-static.com/uploads/4392656/normal_5fcd8ce9a2906.pdf
- http://terem.space/luvigajewukuu8q8o.pdf
- https://static.s123-cdn-static.com/uploads/4491152/normal_600704e55b6e8.pdf
- https://cdn-cms.f-static.net/uploads/4392871/normal_603e8ee573bcb.pdf
- http://wonder-ita.space/9698604283369e87.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- http://gonefuxirazu.rf.gd/ignou_tentative_date_sheet_2018.pdf
- http://bavufupuvamopaf.atwebpages.com/test_de_canales_de_comunicacion.pdf
- http://jokubamobivavum.onlinewebshop.net/73592158190.pdf
- http://tuvixivo.epizy.com/tejojefasukerutafaloje.pdf
- http://saderure.rf.gd/autocad_2017_student_version_free.pdf
- http://zunuwovadete.epizy.com/volume_of_combined_rectangular_prisms_worksheets.pdf
- http://ladurabazidema.onlinewebshop.net/caricature_drawing_book.pdf
- http://desovizipelo.onlinewebshop.net/99603818270.pdf
- http://xupuminepozil.rf.gd/jalodadinaxawubekasag.pdf
- http://dozopedatofol.atwebpages.com/union_jack_bunting_template.pdf
- http://scripts.sil.org/OFL
- http://dejavu.sourceforge.net
- http://dejavu.sourceforge.net/wiki/index.php/License
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000ddf1.bina336bb2e108957fbd481885884ad046341927f7402cf9c904f8928e8cab67f16 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xDDF1 | 5584 bytes |
font_01_sfnt_off0000f056.bin118dd7c51f13c200feb0aa7cb87b2320fd6d1ea5e1498352924771fba9062673 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xF056 | 13044 bytes |
font_02_sfnt_off000117b2.bine93acd332f5893643511f4cefd38969ad5c744ad1b08842a788b6be7d277dd15 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x117B2 | 16204 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.