Verdict: MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file was flagged by a machine learning classifier and ClamAV as malicious, specifically as a phishing trojan. It contains an embedded URI pointing to 'https://xajibur.ru/strik?utm_term=my+cloud+storage+8tb', which is likely a phishing or malware distribution link. The document body, though heavily obfuscated, suggests a lure related to cloud storage.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics (4)
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
- https://xajibur.ru/strik?utm_term=my+cloud+storage+8tb (PDF link annotation)
- https://cdn-cms.f-static.net/uploads/4460457/normal_6053237bc23cf.pdf (in PDF document text)
- https://cdn.sqhk.co/fezifoxunif/6Ztjehe/ryan_kakao_friends_pillow.pdf (in PDF document text)
- https://cdn.sqhk.co/rolidofajug/8x2ghsf/weramewotusuposi.pdf (in PDF document text)
- https://cdn.sqhk.co/nikofejujel/TOmjhln/pabumuwu.pdf (in PDF document text)
- https://cdn.sqhk.co/tusufawenu/1Ehftie/cosmos_db_emulator.pdf (in PDF document text)
- https://cdn.sqhk.co/suwojixuwebi/i17NhgT/my_kutty_movies_collection_2015.pdf (in PDF document text)
- https://cdn.sqhk.co/fixeruzef/8Oibijc/let_it_be_piano_sheet_music_chords.pdf (in PDF document text)
- https://cdn.sqhk.co/jadilogivusa/yy7hdje/bohr_s_atomic_model_worksheet.pdf (in PDF document text)
- https://cdn-cms.f-static.net/uploads/4480383/normal_603294e7ccb34.pdf (in PDF document text)
- https://cdn-cms.f-static.net/uploads/4481406/normal_604f069dae5d6.pdf (in PDF document text)
- http://www.ascendercorp.com/ (in PDF document text)
- http://www.ascendercorp.com/typedesigners.html (in PDF document text)
- https://s3.amazonaws.com/mafavuzenoliki/how_to_program_clicker_garage_door_opener_with_liftmaster.pdf (in PDF document text)
- https://s3.amazonaws.com/nelizenejakarug/midi_to_mp3_converter_for_android_apk.pdf (in PDF document text)
- https://s3.amazonaws.com/xupizewuxere/49715635913.pdf (in PDF document text)
- https://s3.amazonaws.com/nowokil/paladin_warlock_5e_guide.pdf (in PDF document text)
- https://s3.amazonaws.com/wekibik/management_skills_test_upwork_answers.pdf (in PDF document text)
- https://s3.amazonaws.com/muvemasoxaji/medatamepuses.pdf (in PDF document text)
- https://s3.amazonaws.com/podawakumepewez/pomavijojiwo.pdf (in PDF document text)
- https://s3.amazonaws.com/zalisujezajaje/what_book_number_is_fire_and_blood.pdf (in PDF document text)
- https://s3.amazonaws.com/vazisi/how_to_compute_binomial_probability_formula.pdf (in PDF document text)
- https://s3.amazonaws.com/xisefowu/how_to_review_a_medical_journal_article.pdf (in PDF document text)
- http://www.w3.org/1999/02/22-rdf-syntax-ns# (in PDF document text)
- http://purl.org/dc/elements/1.1/ (in PDF document text)
- http://ns.adobe.com/pdf/1.3/ (in PDF document text)
- http://ns.adobe.com/xap/1.0/ (in PDF document text)
- http://ns.adobe.com/xap/1.0/mm/ (in PDF document text)
- http://ns.adobe.com/xap/1.0/rights/ (in PDF document text)
- http://scripts.sil.org/OFL (in PDF document text)
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000eddf.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xEDDF | 5548 bytes | c9e83c1020ab007d26b8f7abde1b18534b4b19f10e53f5ecd9742ca4d9bf1015 |
| font_01_sfnt_off000100d5.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x100D5 | 10904 bytes | d9efffb48bf0b79423377acc363c62d8a3fe0d33d6ce82ce714676590993f0c8 |