MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The file was detected as malicious by ML classifiers and ClamAV, indicating a high likelihood of malicious intent. The embedded URL `https://zajinet.ru/award?keyword=stable+angina+pdf` suggests a phishing or scam attempt, using a seemingly relevant keyword to entice clicks. While no scripts were explicitly extracted, the PDF structure and embedded URLs are indicative of a malicious document designed to lead users to external, potentially harmful content.
Machine Learning
- Nyx PDF Classifier malicious score 0.9997
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://zajinet.ru/award?keyword=stable+angina+pdf
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000ddab.bin 935da53a23b247fdd8b0fb3213ffd945f42ae52a9f39f6e3333882b26fc4ec68 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xDDAB | 5176 bytes |
| font_01_sfnt_off0000ef5a.bin 1d8703276c4a1f7e19bc38acbdbb3d29c0793b99b200b6ee29e6f0ee2333279c | pdf-font-stream | PDF embedded font (sfnt) at offset 0xEF5A | 10940 bytes |