MALICIOUS
94
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file was detected as malicious by ML classifiers and ClamAV, indicating a phishing or trojan threat. It contains an embedded URI pointing to a suspicious domain, likely intended to redirect the user to a malicious site. The document body, though heavily obfuscated, appears to contain text related to a fraction, possibly as a lure.
Machine Learning
- Nyx PDF Classifier malicious score 0.8593
Heuristics 3
-
ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://maypoin.ru/strik?utm_term=44%252F48+simplified+to+a+fraction
- http://govnosiakxws.online/sex_education_dvd_release_datejiogh.pdf
- https://cdn.sqhk.co/savadapo/ieihqji/othello_computer_game_free_download.pdf
- http://ruwosiju.getenjoyment.net/singer_brilliance_6180_sewing_machine_manual.pdf
- https://cdn.sqhk.co/jogowijalaro/SjcaQie/casino_bingo_battle_creek_michigan.pdf
- http://womovenum.sportsontheweb.net/88629319715.pdf
- http://zifufarox.getenjoyment.net/agriculture_intensive_definition.pdf
- http://xofofumireke.mypressonline.com/absorcion_intestinal.pdf
- http://usacreditmonitoring.info/zewimonewebnr7q.pdf
- http://vashastrahovka24.ru/how_to_change_avatar_photo_in_call_of_duty_mobileabk4p.pdf
- http://nizavevorupuj.mywebcommunity.org/mental_capacity_assessment_form.pdf
- https://cdn.sqhk.co/bavimimo/Aibhahd/bosajepejikokoxozag.pdf
- https://cdn.sqhk.co/vixemujomu/idOijib/xafetovugiju.pdf
- https://cdn.sqhk.co/megopofe/cidhhOF/directv_sports_guide_channel.pdf
- http://bit7.top/how_to_keep_my_ice_maker_from_freezing_upnplu8.pdf
- http://filmera.ru/rewikazopel1inf1.pdf
- http://hotita.space/73737684217c8c46.pdf
- http://apple-fruit.space/dell_u3415w_review_ukeir7i.pdf
- http://antinomi.design/what_causes_discolored_teeth_in_toddlersi44or.pdf
- http://buvalopexur.mygamesonline.org/angle_relationships_in_triangles_worksheet.pdf
- http://ellmax-site.xyz/breadman_plus_owners_manual2pudc.pdf
- http://biwiroxefamir.mywebcommunity.org/suxewenidom.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://s3.amazonaws.com/divexikav/stay_with_me_goblin_ost_song.pdf
- http://gakamaxoluzes.atwebpages.com/zoology_mcqs_book_free_download.pdf
- https://s3.amazonaws.com/folexapurilowe/woriz.pdf
- http://sopexalibip.onlinewebshop.net/51432688098.pdf
- https://savannah.gnu.org/projects/freefont/
- http://www.gnu.org/licenses/
- http://www.gnu.org/copyleft/gpl.html
- http://scripts.sil.org/OFL
Extracted artifacts 4
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000ee9e.bin048fb1891f432488516cd811e7b04d68e7d39e548ca3495625137f8fb0c23ff4 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xEE9E | 6744 bytes |
font_01_sfnt_off0000ff83.bin31d7ec0c47936f76d95bb8b3c3e1a16d0602dde8823f8806ee9c04fe4215d443 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xFF83 | 5312 bytes |
font_02_sfnt_off0001116e.bin0d8cf484b33970a08193064933f1485e900b3c0e3d83f6b5e770d99a79c07928 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x1116E | 8912 bytes |
font_03_sfnt_off00012eca.bin1580af30aa563ee184df934feddc906cf59ee6eb933b983a9f7fe64191ee240a |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x12ECA | 10756 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.