Verdict: MALICIOUS
Risk Score: 96

Malware Insights

MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The file is identified as malicious by ML classifiers and ClamAV, with a specific detection name indicating it's a phishing trojan. It contains an embedded URL pointing to 'seumenha.ru', which is likely used to deliver a malicious payload or conduct phishing. The PDF structure and embedded content suggest an attempt to disguise malicious activity within a seemingly legitimate document.
Machine Learning
- Nyx PDF Classifier malicious score 0.9332

Heuristics (4)
- ClamAV (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI (info, PDF_URI): PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://seumenha.ru/wix?keyword=a%2526p+directional+terminology+worksheet
Extracted artifacts (12)
Files carved from inside the sample during analysis.

| Filename | SHA-256 | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off00010ee0.bin | 2d811cebeff7759817a7e286b5076e1f6f956771503522e5f7c1822b317b925b | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10EE0 | 7296 bytes |
| font_01_sfnt_off0001217a.bin | b5c7a5074d967e324d70c77b65a3c258799c57ead775322d3b12fe942736c3b6 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1217A | 3792 bytes |
| font_02_sfnt_off00012e8a.bin | 7f48d2d60e7530e22cf351e32d13ce6a3d4685f4adb4c3b75552b1e8e0eb4dd4 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x12E8A | 3472 bytes |
| font_03_sfnt_off0001399d.bin | d1ab2eaf33ac6fa4e874223c3058b7ec29798a41b7c0af398c644e9bf4d44e4e | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1399D | 6196 bytes |
| font_04_sfnt_off000148a5.bin | 182dfa9557eb39bb0a9c5712a4652e2c3972e10130a7a4f915c66ce0d4819512 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x148A5 | 3884 bytes |
| font_05_sfnt_off000154cb.bin | 3969ac3773bdd222cc3bf495d25cbc4dc72afdda0311f502aefa3ef7d7af407f | pdf-font-stream | PDF embedded font (sfnt) at offset 0x154CB | 3732 bytes |
| font_06_sfnt_off0001600d.bin | dca7990c27d99521b0410e3df4d00e5f3f4901a9b313c326de70a2a914f3e7a5 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1600D | 1780 bytes |
| font_07_sfnt_off000168e9.bin | f9ed3a26c95c725bea402c25e06bfa5b52409369129dfd5ad8ed1bddd1375619 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x168E9 | 28308 bytes |
| font_08_sfnt_off0001aab5.bin | 729fbdd14cf6341dc2f0c31acfe208b5e180b373f934c2852e7dfea7160ec61f | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1AAB5 | 17100 bytes |
| font_09_sfnt_off0001c391.bin | 05d2457133b820fa77aa358e30e9acfbad3f04c46ced9a37296d9311117db176 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1C391 | 4324 bytes |
| font_10_sfnt_off0001d19a.bin | 889eb737fccadef3ab337128606362a9448deff7f9e1cae2103ef82d4dcd11cc | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1D19A | 2448 bytes |
| font_11_sfnt_off0001db72.bin | 2359d4dc8c87cd778a753e76dfb6c34bf2ae6a8a02fa91ceb73264bfc4645416 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1DB72 | 6360 bytes |