MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF file was flagged by a machine learning classifier and ClamAV as malicious, indicating a phishing attempt. The embedded URL, while classified as benign, suggests a potential lure to a malicious site. The presence of PDF-specific heuristics and the authoring application 'wkhtmltopdf' indicate the document was likely generated programmatically to host malicious content.
Machine Learning
- Nyx PDF Classifier malicious score 0.9850
Heuristics (4)
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 | critical | CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI | info | PDF_URI
  PDF contains an external URL action
- Object number defined twice with different bodies | info | PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL | info | EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://feedproxy.google.com/~r/sq/ugae/~3/-7-cX3opz_8/square?utm_term=meaning+of+cataleptic
Extracted artifacts (4)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000c32d.bin 53fe2d6c949ebc2a232291641be080026bf90b03f6a75fd309f5a2889abc588c | pdf-font-stream | PDF embedded font (sfnt) at offset 0xC32D | 17740 bytes |
| font_01_sfnt_off0000f17f.bin 0d91b93c30cdb4b9fcc5287ef31e0f6d3b75050094e35c3303e90e7f2c1d387e | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF17F | 2296 bytes |
| font_02_sfnt_off0000fb7e.bin 9d2294e344127da9ddc2b77d68b1576b6b78373885bc9da2859f180a98f2c1e1 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFB7E | 16792 bytes |
| font_03_sfnt_off00011395.bin 3f9426ea5c829fc010949dd24943ac0709242d1ef0c906f458b5dd24b702c494 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x11395 | 10380 bytes |