Verdict: MALICIOUS
Risk Score: 112
Machine Learning
- Nyx PDF Classifier malicious score 0.8279
Heuristics 6
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 | critical | CLAMAV_DETECTION: ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Embedded JS stream | low | PDF_JS: PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
- SEO-redirector lure link (multi-word utm_term) | low | PDF_SEO_UTM_REDIRECTOR_LINK: PDF contains a clickable link to a multi-word utm_term / FeedBurner-proxied SEO redirector — the search-keyword gateway used by the 'free document download' phishing family. Surfaced as an IOC; on its own this is a low-confidence signal.
- External URI | info | PDF_URI: PDF contains an external URL action
- Object number defined twice with different bodies | info | PDF_DUPLICATE_OBJ_BODY_INCREMENTAL: The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL | info | EMBEDDED_URL: One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - URL https://lazav.co.za/XSRYdR1H?utm_term=devotional+songs++mr+jatt (PDF link annotation)
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0003202d.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x3202D | 10648 bytes | 569cb4b0240f27cef9221a8d041d73ef8c178d49c53b989e7433c0a148d62055 |
| font_01_sfnt_off00033884.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x33884 | 17616 bytes | 8ee611b7b42d0c3bdfb550c6ddb64948c94ce3e2a79c080006840e8860fba627 |
| font_02_sfnt_off00036654.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x36654 | 16792 bytes | 9d2294e344127da9ddc2b77d68b1576b6b78373885bc9da2859f180a98f2c1e1 |