MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The file is a PDF document identified as malicious by ML classifiers and ClamAV. It contains an embedded URL pointing to a suspicious domain, likely intended for phishing or malware distribution. The document body, though heavily obfuscated, suggests a lure related to an 'accident report form'. No scripts were extracted, but the presence of an external URI and the ML detection strongly indicate a malicious intent to redirect the user to a compromised site.
Machine Learning
- Nyx PDF Classifier malicious score 0.9993
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - https://fokemale.ru/award?keyword=esi+accident+report+form+12+pdf (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000efbd.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xEFBD | 5412 bytes | fb24fd6fd5bd9fe15f617eb704d719e0be69533d64bf6390c6a6856ea7e41ff6 |
| font_01_sfnt_off00010214.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10214 | 10668 bytes | df53bd5d446e81b2c51243ebd7966c5bfd8d285dcc58ec06dc4afc6a606dcf62 |