Verdict: MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file contains an embedded URI pointing to a suspicious domain, identified by ClamAV as Pdf.Phishing.Trojan. The ML classifier also flagged this PDF with high confidence. The document body, though heavily obfuscated, appears to be a lure related to song lyrics, aiming to trick users into visiting the malicious URL.
Machine Learning
- Nyx PDF Classifier malicious score 0.9989
Heuristics (4)
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (severity: critical, ID: CLAMAV_DETECTION). ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (severity: info, ID: PDF_URI). PDF contains an external URL action.
- Object number defined twice with different bodies (severity: info, ID: PDF_DUPLICATE_OBJ_BODY_INCREMENTAL). The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (severity: info, ID: EMBEDDED_URL). One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - https://ketchas.ru/pbw?utm_term=peux+tu+me+dire+paroles (PDF link annotation)
Extracted artifacts (3)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0001010a.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1010A | 5176 bytes | 9362b77d6ae4f053d46f46c0df52de48dfff4bd2916af8a9477bae9be91a0147 |
| font_01_sfnt_off0001128c.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1128C | 11984 bytes | 695a796882ef9e320f1c7c603a06e592207634c792202a583e9f794770266a8a |
| font_02_sfnt_off000139c2.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x139C2 | 16204 bytes | a95eff378c135b1ab40d10b3cd1da1bafbc07f86005f57898d079c90d712ddbd |