MALICIOUS
74
Risk Score
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file is identified as an image-only lure, typical for phishing attacks. It contains external URIs pointing to suspicious domains. The ML classifier also flagged this PDF as malicious. The document body is heavily obfuscated and does not provide clear textual clues, but the overall structure and heuristics strongly suggest a malicious intent to redirect the user to one of the provided URLs.
Machine Learning
- Nyx PDF Classifier malicious score 0.5121
Heuristics 4
-
Image-only document with action trigger (screenshot lure) medium PDF_IMAGE_LUREPDF has 1 image(s), only 0 text block(s), carries a click-outward action, and is only 120 KB — typical shape of a phishing lure where a full-page screenshot hides a clickable button that launches or submits to an attacker URL.
-
Image-only PDF lure with a single link to a non-reputable host medium PDF_IMAGE_LURE_NONREPUTABLE_LINKPDF is image-heavy with little real text and its only clickable action is a single external link to a host that is not known-good. This is the canonical malspam carrier shape — a screenshot-like 'click to view' page whose sole purpose is to funnel the victim to one redirect/landing URL on a compromised or throwaway domain. Flagged suspicious rather than malicious because the link alone (no shortener / typosquat / brand path) is the only corroborator beyond the image lure.
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://c0hqb9j.iyk PDF link annotation
- http://xhalaof.sed.n2dubai.comIn PDF document text
Open this report in the interactive analyzer, or submit your own file for analysis.