MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file was detected as malicious by a machine learning classifier and ClamAV, indicating a phishing or trojan payload. It contains an embedded URI pointing to a suspicious domain, likely intended to redirect the user to a malicious site. No scripts were extracted, but the presence of the embedded URI is a strong indicator of a phishing attempt.
Machine Learning
- Nyx PDF Classifier malicious score 0.9993
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - https://leonvi.ru/strik?utm_term=how+to+make+wands+of+horus (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000e692.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE692 | 5232 bytes | dc0f267b7223bb9e009538ccb682fe2c1ce1889917067842f4db2dbda9655008 |
| font_01_sfnt_off0000f83f.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF83F | 10344 bytes | 18080700528a3b1fadbc9bcbcaf3a7ca186827526401ff16577e57a82524bc50 |