Verdict: SUSPICIOUS
Risk score: 34
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF carries a link annotation whose URI action points to ruqvarq.ru, a domain the analyzer rates as suspicious; the query string advertises the search term "ir2121 схема" ("ir2121 schematic"). Together with the high-confidence verdict from the ML classifier, this is consistent with a phishing or malware-distribution lure. No JavaScript or other scripts were extracted, so the URI action is the document's only active element: the likely mechanism is redirecting a user who clicks the link to an external site for further exploitation. The remaining URLs found in the page text are recorded for context and are not detections.
Machine Learning
- Nyx PDF Classifier malicious score 0.9982
Heuristics (2)
- External URI (info, PDF_URI): the PDF contains an external URL action.
- Embedded URL (info, EMBEDDED_URL): one or more URLs were extracted from the document. The URL itself is not a detection; the per-URL label states which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - http://ruqvarq.ru/?b1Ls&keyword=ir2121+%D1%81%D1%85%D0%B5%D0%BC%D0%B0&charset=utf-8 (PDF link annotation; the percent-encoded keyword decodes to "ir2121 схема", i.e. "ir2121 schematic")
  - http://fastpic.ru/ (in PDF document text)
  - http://www.liveinternet.ru/click (in PDF document text)
  - http://img1.liveinternet.ru/images/attach/c/5//4183/4183243_urok_3.pdf (in PDF document text)
  - http://img1.liveinternet.ru/images/attach/c/5//4183/4183191_ladinec_shema_vuyshivki.pdf (in PDF document text)
  - http://img1.liveinternet.ru/images/attach/c/5//4183/4183244_proekt_dachnogo_domika.pdf (in PDF document text)
  - http://www.microsoft.com/typography/fonts/ (in PDF document text)
  - http://www.microsoft.com/typography/fonts/You (in PDF document text; almost certainly the previous URL run together with the word that follows it, an artifact of text extraction)
Extracted artifacts (6)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off00023bc7.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x23BC7 | 3556 bytes | 880e53e6f12106514012eaabb19a261b9f8ae03d695445fc59a5b9b5a1293281 |
| font_01_sfnt_off0002494a.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x2494A | 14720 bytes | ec07fd45724b730ebe820d08ac1aaf87d7c65318c5de1aa3ab352f8ba5a6b18b |
| font_02_sfnt_off00027741.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x27741 | 14532 bytes | 0cfcc8a7a6088bc4041789d034b29692ada7bf7cb7ea30d5c8e1f7646728f7ab |
| font_03_sfnt_off0002a22e.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x2A22E | 5884 bytes | a8696d8c2bd510a59967946d7f6a76dda15d5ac122b08fc5a4855eab3811453f |
| font_04_sfnt_off0002b285.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x2B285 | 6084 bytes | 819f9cc5156bfe3dae03045446d677a19b5879270357875344f9514601da73e3 |
| font_05_sfnt_off0002c21a.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x2C21A | 3752 bytes | 9364d8c42993f0db1eb41a63b15a48dd56cef5056a611ab8e91dd81183a5a95e |
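The two findings above, the per-channel URL labelling under Heuristics and the sfnt font carving under Extracted artifacts, are easy to reproduce for a first-pass triage. The following is an added example, not the analyzer's own code: a standard-library Python scanner that separates URLs reached through a link annotation's URI action from URLs that merely occur in page text, and carves embedded sfnt fonts with the same offset, size and SHA-256 fields as the table. The sample PDF it builds is constructed for the example (it reuses the ruqvarq.ru and fastpic.ru URLs from this report but a minimal fake font), and every function and regex name is the example's own.

```python
"""Added example, not the analyzer's code: URL-by-channel labelling and sfnt carving."""
import hashlib
import re
import struct
import zlib

URL_RE = re.compile(rb"https?://[^\s<>()\"']+")
URI_ACTION_RE = re.compile(rb"/URI\s*\(([^)]*)\)")      # /A << /S /URI /URI (...) >>
STREAM_RE = re.compile(rb"(?<!end)stream\r?\n")         # lookbehind skips 'endstream'
LEN_RE = re.compile(rb"/Length\s+(\d+)(?!\s+\d+\s+R)")  # direct /Length only, not 'n 0 R'
SFNT_MAGICS = (b"\x00\x01\x00\x00", b"OTTO", b"true")    # TrueType, CFF OpenType, Apple


def iter_streams(pdf):
    """Yield (file_offset, object_dict, decoded_bytes) for every stream object."""
    for m in STREAM_RE.finditer(pdf):
        start = m.end()
        obj_dict = pdf[pdf.rfind(b" obj", 0, m.start()):m.start()]
        n = LEN_RE.search(obj_dict)
        end = start + int(n.group(1)) if n else None
        if end is not None and pdf[end:end + 12].lstrip(b"\r\n").startswith(b"endstream"):
            data = pdf[start:end]                       # trusted /Length: binary-safe slice
        else:                                           # indirect or lying /Length: search
            end = pdf.find(b"endstream", start)
            if end < 0:
                break
            data = pdf[start:end].rstrip(b"\r\n")
        if b"/FlateDecode" in obj_dict:
            try:
                data = zlib.decompress(data)
            except zlib.error:
                data = b""                              # damaged stream: skip, don't crash
        yield start, obj_dict, data


def looks_like_sfnt(data):
    """True if data starts with an sfnt header whose table directory fits inside it."""
    if len(data) < 12 or data[:4] not in SFNT_MAGICS:
        return False
    num_tables = struct.unpack(">H", data[4:6])[0]
    if not 1 <= num_tables <= 64 or len(data) < 12 + 16 * num_tables:
        return False
    return all(off + length <= len(data)
               for _t, _c, off, length in struct.iter_unpack(">4sIII", data[12:12 + 16 * num_tables]))


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def triage(pdf):
    """Group URLs by channel and carve sfnt fonts, as the report's two sections do."""
    link_urls, text_urls, fonts = [], [], []
    streams = list(iter_streams(pdf))
    # Channel 1: URI actions, scanned in the raw file and in decoded streams so that
    # annotations packed into compressed object streams (/Type /ObjStm) are seen too.
    for blob in [pdf] + [d for _, _, d in streams]:
        for m in URI_ACTION_RE.finditer(blob):
            url = m.group(1).decode("latin-1")
            if url not in link_urls:
                link_urls.append(url)
    for offset, obj_dict, data in streams:
        if looks_like_sfnt(data):
            fonts.append({"name": "font_%02d_sfnt_off%08x.bin" % (len(fonts), offset),
                          "offset": offset, "size": len(data), "sha256": sha256_hex(data)})
        elif b"/ObjStm" not in obj_dict:
            # Channel 2: URLs in page content. A URL split across several Tj runs
            # is fragmented here; only URLs that sit whole in one string are caught.
            for m in URL_RE.finditer(data):
                url = m.group(0).decode("latin-1")
                if url not in text_urls:
                    text_urls.append(url)
    return {"link_annotation": link_urls, "document_text": text_urls, "fonts": fonts}


def fake_sfnt():
    """Constructed 36-byte TrueType-shaped blob: header, one 'head' record, 8 data bytes."""
    return (struct.pack(">IHHHH", 0x00010000, 1, 16, 0, 0)
            + struct.pack(">4sIII", b"head", 0, 28, 8) + b"\x00" * 8)


def build_sample_pdf():
    """Constructed sample (not the analysed file): a page whose Link annotation
    carries a URI action, a Flate content stream with a URL in its text, and an
    embedded font stream. No xref is written; the scanner above does not need one."""
    content = zlib.compress(b"BT /F1 12 Tf 72 700 Td (See http://fastpic.ru/ for the image) Tj ET")
    font = fake_sfnt()
    objs = [
        b"<< /Type /Page /MediaBox [0 0 612 792] /Contents 2 0 R /Annots [3 0 R] >>",
        b"<< /Length %d /Filter /FlateDecode >>\nstream\n" % len(content) + content + b"\nendstream",
        b"<< /Type /Annot /Subtype /Link /Rect [72 690 300 710]"
        b" /A << /S /URI /URI (http://ruqvarq.ru/?b1Ls&keyword=ir2121) >> >>",
        b"<< /Length %d /Length1 %d >>\nstream\n" % (len(font), len(font)) + font + b"\nendstream",
    ]
    out = b"%PDF-1.4\n"
    for i, body in enumerate(objs, 1):
        out += b"%d 0 obj\n" % i + body + b"\nendobj\n"
    return out + b"%%EOF\n"
```

Running `triage(build_sample_pdf())` returns the ruqvarq.ru URL under `link_annotation`, the fastpic.ru URL under `document_text`, and one carved font named in the same `font_NN_sfnt_offXXXXXXXX.bin` form as the table. Two caveats the report's wording implies: a URL that only occurs in page text is inert unless the viewer auto-links it, whereas a URI action fires on click, so the channel matters more than the hostname; and a regex over decoded streams misses URLs fragmented across Tj runs and annotation objects hidden in object streams unless those are decompressed too, which is why the scanner searches decoded streams for URI actions as well as the raw file.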