MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF contains a lure related to "Tetris online unblocked games" and embeds a URL pointing to a suspicious domain. ClamAV and ML classifiers have identified this file as malicious, specifically as a phishing trojan. The presence of embedded URLs and the nature of the detection suggest it's designed to redirect users to malicious content, likely for phishing or malware distribution.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://nipisod.ru/wix?keyword=tetris+online+unblocked+games
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000cc37.bin 64d53ec5070f282173ff7dc9a7c5b6b4b74eab4eaf37bcecdd6fa77a5d0bb453 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xCC37 | 5412 bytes |
| font_01_sfnt_off0000de87.bin 208341ede366f5cac634ff6f16d215d8664d381e4cadcb20def08935be5edc7e | pdf-font-stream | PDF embedded font (sfnt) at offset 0xDE87 | 10396 bytes |