MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF contains a link disguised as a movie download, which is a common phishing lure. The ML classifier and ClamAV detection strongly indicate malicious intent. The embedded URL points to a suspicious domain, likely serving as a landing page for malware or further phishing attempts.
Machine Learning
- Nyx PDF Classifier malicious score 0.9992
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://ponafet.ru/strik?utm_term=download+film+friend+zone+2019+full+movie+sub+indo
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off000381cd.bin 3a189f2cc14e109ac16a86dfde0100c67021425bdb924433c12c2ee59b504860 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x381CD | 5876 bytes |
| font_01_sfnt_off000395d7.bin ab768590bce40a63a920cdf15a93a03abe17e04ec795c2e3e7d4b9e160bee4ee | pdf-font-stream | PDF embedded font (sfnt) at offset 0x395D7 | 15004 bytes |