Verdict: MALICIOUS (risk score 96)

Malware Insights

MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The sample is a PDF with a near-certain malicious ML classification (Nyx score 0.9998) and a ClamAV signature hit in the Pdf.Phishing.Trojan family. It carries a /URI action to the domain 'botokaw.ru'; the utm_term parameter of that URL ('towards understanding islamic architecture') is the likely lure theme, and the remaining extracted links are other hosted PDFs on public CDNs and object storage (cdn.sqhk.co, S3, Strikingly). The file also defines one indirect object twice with different bodies, a parser-confusion shape that lets first-wins and last-wins readers resolve different content; it is reported at info severity because the report does not state that the duplicate carries active content. No JavaScript heuristic fired, so the T1059.007 mapping is not backed by a flagged /JS or /JavaScript action in this report and should be treated as inferred rather than observed.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics (4)

- ClamAV detection (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): the PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): the same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): one or more URLs were extracted from the document. The URL itself is not a detection; the per-URL labels say which channel (macro, JS, link annotation, document body, ...) reached each URL. Those labels are not reproduced in this export, so note when reading the list that the w3.org, purl.org and ns.adobe.com entries are XMP/RDF namespace identifiers, and that scripts.sil.org/OFL (the SIL Open Font License) and ascendercorp.com (a font foundry) are strings of the kind found in embedded font metadata, not link actions. Extracted URLs:
- https://botokaw.ru/aws?utm_term=towards+understanding+islamic+architecture
- https://cdn.sqhk.co/naziwixolagu/h8jihiD/jotik.pdf
- https://cdn.sqhk.co/wokiwife/zsjdggY/gunidofekazuzisigi.pdf
- https://cdn.sqhk.co/remudejifi/i2hiCid/wwe_wrestlers_undefeated_at_wrestlemania.pdf
- https://cdn-cms.f-static.net/uploads/4452834/normal_5fe8bf3a4882d.pdf
- https://static.s123-cdn-static.com/uploads/4389824/normal_5fdfc31136344.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://s3.amazonaws.com/xilasisefi/vugetevojabitepepibe.pdf
- https://uploads.strikinglycdn.com/files/514171b6-7938-4971-adf7-f8f49ed3c27e/disney_world_florida_dining_plan_2021.pdf
- https://uploads.strikinglycdn.com/files/0de835c8-2926-448a-8c6b-22e3bd7a00fd/the_lightning_thief_graphic_novel_read_online.pdf
- https://s3.amazonaws.com/fedufiporara/counterintelligence_awareness_and_reporting_course.pdf
- https://s3.amazonaws.com/zetituri/bless_online_early_access.pdf
- https://s3.amazonaws.com/baxunaf/wipibiwolanukexi.pdf
- https://s3.amazonaws.com/julexekubaj/81209505499.pdf
- https://uploads.strikinglycdn.com/files/dde2d7ef-d062-4b89-9299-45203741eb40/zinebalabi.pdf
- https://s3.amazonaws.com/wibedubosateg/19636547670.pdf
- https://s3.amazonaws.com/boxujetanonikuv/kaashi_amarnath_video_song_tinyjuke.pdf
- https://s3.amazonaws.com/bipepezuwed/vatobekikigop.pdf
- https://s3.amazonaws.com/tuxalowafokuvo/biomedical_waste_management_amendment_rules_2019.pdf
- https://s3.amazonaws.com/jevelel/dekoron_cable_catalog.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
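As an added example (not part of the analyzer's output or its code), the following Python script reproduces the two structural checks above, PDF_URI and PDF_DUPLICATE_OBJ_BODY_INCREMENTAL, on raw bytes: it indexes every `N G obj ... endobj` definition, reports objects whose repeated definitions differ, shows what a first-wins and a last-wins reader would each resolve, and raises severity only when a differing duplicate carries an active action, mirroring the rule stated in the heuristic. The sample PDF is constructed inline for the demonstration (an incremental update redefines a link annotation with a /URI to example hostnames); the function names, the active-content keyword list and the severity labels are the example's own assumptions.

```python
import re
from collections import defaultdict

# Constructed sample (not the analysed file): a minimal PDF whose trailing
# incremental update redefines object 4 0 with a different body. Xref tables
# are omitted because this scanner works on raw object syntax; a real reader
# would follow the xref and see only the definition its policy selects.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj
<< /Type /Catalog /Pages 2 0 R >>
endobj
2 0 obj
<< /Type /Pages /Kids [3 0 R] /Count 1 >>
endobj
3 0 obj
<< /Type /Page /Parent 2 0 R /Annots [4 0 R] >>
endobj
4 0 obj
<< /Type /Annot /Subtype /Link /Rect [0 0 100 20]
   /A << /S /URI /URI (http://example.com/benign) >> >>
endobj
trailer
<< /Root 1 0 R >>
%%EOF
4 0 obj
<< /Type /Annot /Subtype /Link /Rect [0 0 100 20]
   /A << /S /URI /URI (https://example.invalid/lure) >> >>
endobj
trailer
<< /Root 1 0 R >>
%%EOF
"""

# "N G obj ... endobj"; the lookbehind keeps "14 0 obj" from matching as "4 0 obj".
OBJ_RE = re.compile(rb"(?<![0-9])(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.S)
# Literal-string /URI values only; hex strings (<...>) and escaped parentheses
# are out of scope for this example.
URI_RE = re.compile(rb"/URI\s*\(([^)]*)\)")
# Keys that make a duplicate "active" for severity purposes (assumed list).
ACTIVE_RE = re.compile(rb"/URI|/JavaScript|/JS\b|/Launch|/OpenAction|/AA\b|/SubmitForm")


def index_objects(data):
    """Map (num, gen) -> list of (offset, body) for every definition, in file order."""
    objs = defaultdict(list)
    for m in OBJ_RE.finditer(data):
        key = (int(m.group(1)), int(m.group(2)))
        objs[key].append((m.start(), m.group(3).strip()))
    return objs


def find_duplicate_bodies(data):
    """Objects defined more than once with differing bodies, plus what each policy resolves."""
    hits = []
    for key, defs in index_objects(data).items():
        if len(defs) > 1 and len({body for _, body in defs}) > 1:
            hits.append({
                "obj": key,
                "count": len(defs),
                "first_wins": defs[0][1],   # what a first-definition reader uses
                "last_wins": defs[-1][1],   # what an incremental-update reader uses
            })
    return hits


def extract_uris(data):
    """All /URI literal strings in the file, in file order (the PDF_URI channel)."""
    return [u.decode("latin-1") for u in URI_RE.findall(data)]


def triage(data):
    """Apply the heuristic's rule: a differing duplicate stays 'info' unless it carries active content."""
    dups = find_duplicate_bodies(data)
    severity = "info" if dups else "none"
    for d in dups:
        if ACTIVE_RE.search(d["first_wins"]) or ACTIVE_RE.search(d["last_wins"]):
            severity = "high"
    return {"duplicates": dups, "uris": extract_uris(data), "severity": severity}


if __name__ == "__main__":
    result = triage(SAMPLE_PDF)
    print("severity:", result["severity"])
    for d in result["duplicates"]:
        print("object %d %d defined %d times" % (*d["obj"], d["count"]))
        print("  first-wins:", d["first_wins"].decode("latin-1"))
        print("  last-wins: ", d["last_wins"].decode("latin-1"))
    print("uris:", result["uris"])
```

Running it on the constructed sample reports object 4 0 defined twice, with a benign link under first-wins and the lure link under last-wins, and severity raised to high because both bodies carry a /URI action. Truncating the input at the first %%EOF removes the duplicate and the severity drops to none, which is the benign incremental-update case the heuristic text describes. On a real sample the same scan should be cross-checked against the xref chain, since this raw scan deliberately sees every definition regardless of which one the file's xref actually points to.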
Extracted artifacts (2)
Files carved from inside the sample during analysis (both are embedded font programs, which is routine for a PDF).
| Filename | SHA-256 | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off0000f06b.bin | 025dfe247720b7a10bdc5f261d2b8cbd0c82bda010c3365c11f463f71a819213 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF06B | 5396 bytes |
| font_01_sfnt_off000102ab.bin | be44d110dd1ebb8591cd073e75c45da7c812edfd86fd973e11560e69aaccec29 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x102AB | 10920 bytes |