MALICIOUS (Risk Score: 96)
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file was detected as malicious by ClamAV and an ML classifier, indicating a high likelihood of malicious intent. It contains an embedded URI pointing to 'ponafet.ru', which is likely a phishing or malware distribution site. The document body, though heavily obfuscated, suggests a lure related to 'world religions webquest chart answer key' to entice users to click the malicious link.
Machine Learning
- Nyx PDF Classifier malicious score 0.9993
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://ponafet.ru/wix?keyword=world+religions+webquest+chart+answer+key
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00013a1d.bin 09d85563ee91b9fc542390d2eed1099538e51b30bb52a3d0bf86478aecee6d3e | pdf-font-stream | PDF embedded font (sfnt) at offset 0x13A1D | 5736 bytes |
| font_01_sfnt_off00014db2.bin 060d0bc1941477342b64b4aeb4f42747d70547a987e0431a32a2d7804604601a | pdf-font-stream | PDF embedded font (sfnt) at offset 0x14DB2 | 24348 bytes |