MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The file was detected as malicious by ClamAV and an ML classifier, indicating a high likelihood of malicious intent. The presence of an embedded URI pointing to 'soxebez.ru' suggests a phishing or malware distribution attempt. Although no scripts were explicitly extracted, the PDF structure and embedded URLs are indicative of a malicious document designed to trick users into downloading further payloads or revealing sensitive information.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://soxebez.ru/award?keyword=liturgical+year+worksheet+pdf
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000e0bb.bin 6acf4d715f5064960f724a266a918e569466a5e47114e69935658afd532ccc60 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE0BB | 5616 bytes |
| font_01_sfnt_off0000f3f4.bin 486a71593936087e85ebe7c736c9d7f40262d36ad95ba095d76d61b5be44f061 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF3F4 | 10528 bytes |