Verdict: MALICIOUS
Risk Score: 102
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1204.002 Malicious Link
The file was detected as a phishing trojan by ClamAV. The heuristics indicate the presence of urgency lures and a visual download button, suggesting a phishing attempt. Multiple external URLs were extracted, indicating the potential for downloading a secondary payload or redirecting to malicious sites. The document body, though heavily corrupted, contains text related to 'Asmaul husna pdf ebook' and application metadata, which may be part of a lure.
Machine Learning
- Nyx PDF Classifier clean score 0.0599
Heuristics (7)
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 [critical, CLAMAV_DETECTION] ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- QR-code redirect lure [medium, SE_QR_LURE] Document instructs the user to scan a QR code with a phone — consistent with QR phishing, but also common in legitimate documents
- Urgency / deadline lure [low, SE_URGENCY_LURE] Document contains urgency or deadline language ('account will be terminated', 'action required within 24 hours', etc.) — useful context, but low-signal without other findings
- Visual download / call-to-action button lure [low, SE_DOWNLOAD_BUTTON] Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
- External URI [info, PDF_URI] PDF contains an external URL action
- Object number defined twice with different bodies [info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL] The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL [info, EMBEDDED_URL] One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  Extracted URLs (channel in parentheses):
  - https://baarspo.ru/award?keyword=asmaul+husna+pdf+ebook (PDF link annotation)
  - http://dusexixegiseves.iblogger.org/18839639445.pdf (in PDF document text)
  - http://worameruvejaka.mywebcommunity.org/amitav_ghosh_sea_of_poppies.pdf (in PDF document text)
  - http://xawikeroteguvu.iblogger.org/japanese_imperative_form_miru.pdf (in PDF document text)
  - https://zesuloni.weebly.com/uploads/1/3/4/8/134892945/gipab.pdf (in PDF document text)
  - https://tulovituvo.weebly.com/uploads/1/3/4/2/134234708/8863729.pdf (in PDF document text)
  - https://vafomelopujoxo.weebly.com/uploads/1/3/4/8/134864043/kepoliwogamoreganeka.pdf (in PDF document text)
  - https://jazakeramexevam.weebly.com/uploads/1/3/4/6/134615015/nemitatirita.pdf (in PDF document text)
  - http://livetajo.22web.org/bizeponagadaxiti.pdf (in PDF document text)
  - http://getoditatogufop.22web.org/what_trials_of_apollo_books_are_percy_jackson_in.pdf (in PDF document text)
  - http://nujagexurej.medianewsonline.com/computer_network_technician_trade_school.pdf (in PDF document text)
  - http://www.ascendercorp.com/ (in PDF document text)
  - http://www.ascendercorp.com/typedesigners.html (in PDF document text)
  - http://fedorahosted.org/lohit (in PDF document text)
  - http://smc.org.in)MeeraRegularMeera2016SMC7.0.0+20171102Hussain (in PDF document text)
  - http://smc.org.inhttp://smc.org.in (in PDF document text)
  - http://www.indictrans.org (in PDF document text)
  - http://www.opentle.org (in PDF document text)
  - https://uploads.strikinglycdn.com/files/dd06e66a-84cc-403d-97b8-fb3cf9fe944f/wazakopevotuxabob.pdf (in PDF document text)
  - http://kevawiposiwa.rf.gd/binomische_formeln_aufgaben_klasse_8_gymnasium.pdf (in PDF document text)
  - https://uploads.strikinglycdn.com/files/f9b112b3-14a1-4536-ba27-daa214f663de/nixijuvo.pdf (in PDF document text)
  - https://s3.amazonaws.com/rowubunak/51754347033.pdf (in PDF document text)
  - https://s3.amazonaws.com/boxujetanonikuv/palalawigagepatax.pdf (in PDF document text)
  - https://uploads.strikinglycdn.com/files/de746316-a065-4977-be37-2120d47eb3b0/59232515318.pdf (in PDF document text)
  - http://www.w3.org/1999/02/22-rdf-syntax-ns# (in PDF document text)
  - http://purl.org/dc/elements/1.1/ (in PDF document text)
  - http://ns.adobe.com/pdf/1.3/ (in PDF document text)
  - http://ns.adobe.com/xap/1.0/ (in PDF document text)
  - http://ns.adobe.com/xap/1.0/mm/ (in PDF document text)
  - http://ns.adobe.com/xap/1.0/rights/ (in PDF document text)
  - http://dejavu.sourceforge.net (in PDF document text)
  - http://dejavu.sourceforge.net/wiki/index.php/License (in PDF document text)
  - http://scripts.sil.org/OFL (in PDF document text)
  - http://www.geocities.com/mitra_anirban/hobbies.htmGNU (in PDF document text)
  - http://www.gnu.org/copyleft/gpl.htmRegular (in PDF document text)
  - https://gitlab.com/smc/meera/blob/master/COPYING (in PDF document text)
  - http://www.gnu.org/licenses/lgpl.htmlRegularDanhHong (in PDF document text)
  - http://www.geocities.com/dnhhng (in PDF document text)
  - http://www.gnu.org/licenses/gpl.html (in PDF document text)
Extracted artifacts (16)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| stream_020_off0006ae49.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x6AE49 | 34580 bytes | b785e2e0951a3a4e7895f74e6467acb04a2b9b9664799bb8b691e778b4e5f6a1 |
| font_00_sfnt_off00053f6f.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x53F6F | 34152 bytes | 5f6b59d9155acd6155053272a6bf02328db5bbb347842cc6013165597bcf6e46 |
| font_01_sfnt_off0005a44c.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x5A44C | 5380 bytes | 8646e2bad824d8f91b92bcb3d3f536f16ef0a172ca3cddb956fdc86c0c5d0724 |
| font_02_sfnt_off0005b666.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x5B666 | 3432 bytes | d790883706135072e787d1ccb4c8aa81eaf09645e17db4055c98bed6fa0d473c |
| font_03_sfnt_off0005c31f.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x5C31F | 4416 bytes | 105d581f27b306ec8f7d8924e95d24fc8cde62219fb37306271fbd7b58ddab29 |
| font_04_sfnt_off0005d14a.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x5D14A | 4148 bytes | dbeb4b9fd4a173cbab515fb5071fdbd2b7c8e79ba1601aa1e8a93c17886f4a11 |
| font_05_sfnt_off0005e118.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x5E118 | 5700 bytes | cc80d5b912f0724b30a27d1a907c37215664d9734fb15ad49e7095eac3ded7c8 |
| font_06_sfnt_off0005f282.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x5F282 | 3092 bytes | d3ff27742acb8d2370bd645d3bb90196436df7874f32d54bfaae442016ca7868 |
| font_07_sfnt_off0005ff92.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x5FF92 | 3028 bytes | 44da65e5da78cda2aa2fdf4f6ff520840ac348b8062f6d50ec10a3f9a2dd6c48 |
| font_08_sfnt_off00060c4c.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x60C4C | 2604 bytes | 0e4b190990c22158f359a0de2485c61736e93a484cfb226f63bccb9bc1da1b2f |
| font_09_sfnt_off00061768.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x61768 | 17160 bytes | 2bee9cb6f66f76913fc357b1f64e2666eedb67aee11f105f71001e038a6c0a57 |
| font_10_sfnt_off00064a6e.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x64A6E | 4720 bytes | a361d83f402da9f5d2ec8da6f233790e3a936c71b70cff38c124c054454390ca |
| font_11_sfnt_off00065953.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x65953 | 6148 bytes | 149738eb3e1d0bfb4a5732e89a115965e6f0cf3fc4971c694d3ce3619176544d |
| font_12_sfnt_off0006693c.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6693C | 24660 bytes | 41de046cbb25c50e4d7d77036660a139e815a269882f6f743d82f15dbd11227d |
| font_14_sfnt_off0006ef1c.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6EF1C | 4240 bytes | cbf49ae1f50b43bd96115958e8e4245c989a23abdd2373ab04ab7b315f9bbfe9 |
| font_15_sfnt_off0006ff1b.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6FF1B | 2544 bytes | b3be476248d72a67db55d4849fd4986388ba7b62318b7555ed31dc4ecb59c50f |