Verdict: MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK:
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The PDF file was detected as malicious by ML classifiers and ClamAV, indicating a phishing or trojan payload. It contains an embedded URL that directs users to a suspicious domain, likely to host a malicious payload or phishing page. The document body, though heavily obfuscated, suggests a lure related to medical information to entice clicks on the external link.
Machine Learning
- Nyx PDF Classifier malicious score 0.9992
Heuristics (4)
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted URLs:
- https://xezojetit.ru/123?utm_term=acidosis+tubular+renal+tipos+pdf
- https://static.s123-cdn-static.com/uploads/4407724/normal_5fec193f7ab7b.pdf
- https://cdn.sqhk.co/lorotukogof/ivhijdU/my_talking_angela_download_apk.pdf
- https://static.s123-cdn-static.com/uploads/4468531/normal_5fcd33bf32aca.pdf
- https://cdn.sqhk.co/midubevine/OXibwhE/ice_cream_cake_baker_shops_in_kolkata.pdf
- https://cdn.sqhk.co/zedawuzijis/ejaghQI/bejuxiwogobijetuzonukufe.pdf
- http://edalovert.xyz/67427346135qozzf.pdf
- http://help-bluebadgecustomer.com/286419944285gxiw.pdf
- https://cdn-cms.f-static.net/uploads/4484114/normal_6026471f420d7.pdf
- https://cdn.sqhk.co/naziwixolagu/Wgc4ibC/conspiracy_palette_looks_pictorial.pdf
- https://cdn-cms.f-static.net/uploads/4446496/normal_600e01024ad72.pdf
- https://cdn-cms.f-static.net/uploads/4384143/normal_603a6f51ec0b3.pdf
- http://bimupodum.iblogger.org/bujoda.pdf
- https://cdn-cms.f-static.net/uploads/4497685/normal_5fd61e5139696.pdf
- http://7lessons.website/juki_ddl-8700b-7_pricedc4uy.pdf
- https://cdn-cms.f-static.net/uploads/4428061/normal_6023f5b812ada.pdf
- https://cdn-cms.f-static.net/uploads/4445743/normal_600aaaafc174c.pdf
- https://static.s123-cdn-static.com/uploads/4403273/normal_5fe3b4e7f1d05.pdf
- http://vienvozvrat.site/velobuxerexosomudefeycgm.pdf
- https://cdn.sqhk.co/jotapepikota/hjhbgin/tabujinonusumo.pdf
- https://cdn.sqhk.co/ralajelisoju/mZtN1k8/37466685767.pdf
- https://cdn-cms.f-static.net/uploads/4404308/normal_60168a2cc528c.pdf
- https://cdn.sqhk.co/vuwewiwudesi/gejfhd3/71684463355.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- http://kojoduperoko.epizy.com/concordancia_strong_en_espaol_gratis_para_ipad.pdf
- http://nabikelotedabe.epizy.com/christmas_colouring_sheet_free.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | SHA-256 | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off0000cf2b.bin | 3b57b05defa774740a3659e043c66296e2910eb065ffc5ffd94302f4978c2d4d | pdf-font-stream | PDF embedded font (sfnt) at offset 0xCF2B | 5276 bytes |
| font_01_sfnt_off0000e126.bin | 1c97c558b1d3173445f1c445ec0bbc504ad7467e920718ab146dc8bd0cedbc25 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE126 | 10560 bytes |