Risk score: 96 (MALICIOUS)
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
This PDF, detected as a phishing trojan by ClamAV, carries an external URI action pointing at a domain assessed as malicious. The document body is heavily obfuscated but suggests a 'keto diet plan' lure. An external URI in a phishing PDF is consistent with redirecting the reader to a harmful site, most likely for credential harvesting or a second-stage download. Note that none of the heuristics listed in this report is JavaScript-specific, so the T1059.007 mapping is not corroborated by the findings shown here.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics (4)
- ClamAV (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI (info, PDF_URI): PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; the per-URL labels indicate which channel (macro, JS, link annotation, document body, ...) reached each URL.
URLs extracted from the document:
- https://botokaw.ru/strik?utm_term=easy+to+do+keto+diet+plan+on+a+budget
- http://fitness1.space/which_cars_have_homelinkdh01o.pdf
- http://bestcreditcheck.info/mixenedobizirurwxrf.pdf
- http://fonudesuwobulud.mygamesonline.org/polytheism_vs_monotheism.pdf
- http://lawexape.mygamesonline.org/nobotapawoz.pdf
- http://zimezobot.getenjoyment.net/90044362588.pdf
- https://wazufepema.weebly.com/uploads/1/3/5/3/135383665/lulavofebusuv-renupozuri-natitefoki-bexisipolawif.pdf
- http://itverys.space/one_piece_treasure_cruise_guide_evolutionfpt7m.pdf
- http://dupamineni.medianewsonline.com/brandenburg_v_ohio_ruling.pdf
- http://kufafukedexepix.mygamesonline.org/kukojedijobokulubivowijek.pdf
- https://dewajijivixire.weebly.com/uploads/1/3/4/6/134638152/ninugesemajimis-bumorijemerug-wutotenem-xotun.pdf
- https://lemusudavigi.weebly.com/uploads/1/3/5/3/135395292/wigamomubijapewa.pdf
- http://ejqy.com/teramusedumipe7no9p.pdf
- http://xufededubumavif.scienceontheweb.net/posoropowijojinolikisi.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- http://xomutojekes.myartsonline.com/81864666381.pdf
- http://koduwutuvage.onlinewebshop.net/keracunan_arsenik.pdf
- https://98cdd5c5-c43e-49eb-9373-39517e896cbb.filesusr.com/ugd/90661f_d6360800ae71421386cece145aa27e28.pdf?index=true
- https://a62e46b8-d933-4087-892c-e5439cec6991.filesusr.com/ugd/e9cba9_2d04a1fc79a641909ee4d7eadc2d6052.pdf?index=true
- http://dilutibu.onlinewebshop.net/xetulageveredixa.pdf
- https://160e4e15-e27a-4ef2-9b26-f67fc0969a86.filesusr.com/ugd/cbdbb6_5540efd2fc4141c88042218f7448f3b4.pdf?index=true
- http://dowafirowelumex.atwebpages.com/66585944881.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
The last seven entries are not navigation targets: the w3.org, purl.org and ns.adobe.com URIs are XMP/RDF schema namespace identifiers from the document metadata, and scripts.sil.org/OFL is the SIL Open Font License link routinely carried in embedded-font metadata. The www.ascendercorp.com entries likewise look like font vendor strings rather than lure links. They should be filtered out before any of the extracted URLs are blocked or pivoted on.
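The two PDF-structure heuristics above (PDF_URI and PDF_DUPLICATE_OBJ_BODY_INCREMENTAL) can be reproduced with a small triage script. The following is an added example, not the analyzer's own code and not derived from the analyzed sample: it walks every raw `N G obj ... endobj` definition in a byte buffer, reports object numbers that are defined more than once with differing bodies, resolves the file both ways a reader might (first definition wins, or last definition wins, as with an incremental update), and lists the `/S /URI` action targets each view would follow. The embedded PDF, the `example.org`/`example.net` URLs and the object numbers are constructed for the demonstration; the scanner is regex-based and ignores xref tables, stream objects and escaped string syntax, so it is a triage aid rather than a conforming parser.

```python
import re
from collections import defaultdict

# Constructed sample (not the analyzed file): a minimal PDF whose original body
# defines object 5 as a link annotation with a benign /URI action, followed by an
# incremental update that redefines "5 0" with a different /URI. xref tables are
# omitted because this scanner walks raw "N G obj ... endobj" definitions, which
# is exactly why it sees both copies where a conforming reader would see one.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /Annots [5 0 R] >> endobj
5 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (https://example.org/benign) >> >> endobj
trailer << /Root 1 0 R >>
%%EOF
5 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (https://example.net/updated) >> >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# Raw object definitions: "N G obj <body> endobj". Stream objects and strings
# containing escaped parentheses are not handled; this is triage, not a parser.
OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.DOTALL)
URI_RE = re.compile(rb"/URI\s*\(([^)]*)\)")
URI_ACTION_RE = re.compile(rb"/S\s*/URI\b")


def scan_objects(data):
    """Map (num, gen) -> list of body bytes, in file order (duplicates kept)."""
    objs = defaultdict(list)
    for m in OBJ_RE.finditer(data):
        key = (int(m.group(1)), int(m.group(2)))
        objs[key].append(m.group(3).strip())
    return dict(objs)


def duplicate_objects(objs):
    """Objects defined more than once whose bodies differ."""
    return {k: v for k, v in objs.items() if len(v) > 1 and len(set(v)) > 1}


def resolve(objs, policy):
    """View the file as a first-wins or last-wins reader would."""
    idx = 0 if policy == "first" else -1
    return {k: v[idx] for k, v in objs.items()}


def uri_actions(resolved):
    """(num, gen, url) for every /S /URI action in a resolved view."""
    found = []
    for (num, gen), body in sorted(resolved.items()):
        if URI_ACTION_RE.search(body):
            for url in URI_RE.findall(body):
                found.append((num, gen, url.decode("latin-1")))
    return found


def triage(data):
    """Run both heuristics and report what each reader policy would follow."""
    objs = scan_objects(data)
    dups = duplicate_objects(objs)
    # Raise severity only when a duplicate body carries active content (here a
    # URI action); body-only differences are common in benign incremental saves.
    active = {k for k, bodies in dups.items()
              if any(URI_ACTION_RE.search(b) for b in bodies)}
    return {
        "duplicates": dups,
        "active_duplicates": active,
        "first_wins_uris": uri_actions(resolve(objs, "first")),
        "last_wins_uris": uri_actions(resolve(objs, "last")),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_PDF)
    for num, gen in sorted(report["duplicates"]):
        print(f"duplicate object {num} {gen}: {len(report['duplicates'][(num, gen)])} bodies,"
              f" active={(num, gen) in report['active_duplicates']}")
    print("first-wins reader follows:", report["first_wins_uris"])
    print("last-wins reader follows: ", report["last_wins_uris"])
```

On the constructed sample the first-wins view follows the benign URL and the last-wins view follows the updated one, which is the divergence the heuristic is flagging: a scanner that only honours the original definition, or only the incremental update, will miss whichever target the victim's reader actually opens. Running `triage` over a real sample requires nothing beyond reading the file into bytes, but remember that URIs inside object streams or hex strings will not be seen by this regex.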
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | SHA-256 | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off0000f6d9.bin | 385ca5963a084f3a92df5116e7550dfeb3cb5c3d2079b76999876ca5b8337b63 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF6D9 | 5292 bytes |
| font_01_sfnt_off000108fb.bin | a96721d0044644b5b0319cbc76c235efb4a5b3c31499f634ebf4a3ac99b1b25f | pdf-font-stream | PDF embedded font (sfnt) at offset 0x108FB | 11620 bytes |