MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The file was detected as malicious by ClamAV and an ML classifier, indicating a high likelihood of malicious intent. The embedded URL points to a phishing site, suggesting the PDF is used as a lure to redirect users. The PDF structure and embedded content are consistent with phishing campaigns that leverage documents to distribute malicious links.
Machine Learning
- Nyx PDF Classifier malicious score 0.9996
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://jottigo.ru/strik?utm_term=what+are+the+stages+of+spelling+development
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000ee16.bin e43a28c0a28c338c6357f29abcf7c4d562af8962a30a1b8f04e0ef77528dfe44 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xEE16 | 5528 bytes |
| font_01_sfnt_off000100d5.bin 38f413a1861ca4683e6f7b492a2b76f84683dca2cbe142a497806014906783e8 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x100D5 | 10532 bytes |