MALICIOUS
96
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file was flagged by ML classifiers and ClamAV as malicious, specifically as a phishing trojan. It contains an embedded URI pointing to a suspicious domain, 'maypoin.ru', which is likely intended to host malicious content or redirect the user to a phishing site. The document body, though heavily obfuscated, appears to be related to educational worksheets, a common lure for phishing attacks.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://maypoin.ru/123?utm_term=distributive+property+of+multiplication+worksheets
- https://cdn.sqhk.co/wodaximewule/aahha53/nintendo_3ds_gold_zelda.pdf
- https://cdn.sqhk.co/zubuwebofe/hcrAOPP/drone_vs_remote_control_helicopter.pdf
- https://site-1181110.mozfiles.com/files/1181110/nukaxadikifejewizexipoga.pdf
- https://cdn.sqhk.co/fokatekox/qgjsjgl/99772351040.pdf
- https://site-1175326.mozfiles.com/files/1175326/horse_cart_racing_menorca.pdf
- https://cdn.sqhk.co/lulaxujik/bCRCgjw/dinosaur_world_map_wallpaper.pdf
- https://site-1175273.mozfiles.com/files/1175273/bft_hydraulic_gate_opener_manual.pdf
- https://cdn.sqhk.co/joxesinejag/rSjie7T/josinixiwutozetudam.pdf
- https://cdn-cms.f-static.net/uploads/4373997/normal_5fdae11544c3d.pdf
- https://static.s123-cdn-static.com/uploads/4393358/normal_5ff31d76df581.pdf
- https://cdn.sqhk.co/ninasodivofi/icja7xb/74520896974.pdf
- https://cdn.sqhk.co/nalomuxe/0uLhcid/repodukilefosubapibofa.pdf
- https://site-1174515.mozfiles.com/files/1174515/ninja_blender_cyber_monday_2019.pdf
- https://site-1174461.mozfiles.com/files/1174461/bumblebee_movie_gen_1_transformers.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://s3.amazonaws.com/pesetufavo/meaning_of_segment_reporting.pdf
- http://sogigadataga.epizy.com/peligonogugez.pdf
- http://ladorum.epizy.com/blur_background_photo_editor_app_android.pdf
- https://s3.amazonaws.com/kujesulad/alto_s_adventure_free_apk.pdf
- http://lokuvutifinulef.rf.gd/lezaranuratodavufubu.pdf
- http://vuxubeso.rf.gd/chhota_bheem_tamil_movie_2013.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000cc16.binc93a9385296d98d58791b6fbee65d06216bdf305ddb0ae15f6f5534d104fe00a |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xCC16 | 5712 bytes |
font_01_sfnt_off0000df81.binb93974afa3362e00fe2444266bf5149e7554526735c42d8febecf004c51e6610 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xDF81 | 9692 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.