MALICIOUS
96
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The file is a PDF containing an embedded URL that redirects to a suspicious domain, likely for phishing or malware distribution. ClamAV and ML classifiers flagged it as malicious, and the PDF structure includes an external URI pointing to a potentially malicious site. No scripts were extracted, but the presence of the malicious URL is a strong indicator of malicious intent.
Machine Learning
- Nyx PDF Classifier malicious score 0.9997
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://midufefew.ru/wix?keyword=inside+reporting+tim+harrower+pdf
- http://latuha.com/darazekonokasuvamesianb6.pdf
- https://cdn.sqhk.co/vigeroti/jfOidii/48412326748.pdf
- https://mamufitixiru.weebly.com/uploads/1/3/4/6/134640278/wavawigi_tilibiweruruja_japufona_vukukevojisa.pdf
- https://dewuvibemezifo.weebly.com/uploads/1/3/4/7/134763410/mipowojisagejilil.pdf
- http://urologo.store/21682488445wq1g7.pdf
- http://boost-shop.xyz/sri_rudram_laghunyasam_benefitsvqft1.pdf
- https://cdn.sqhk.co/zoluxoni/e3hhgBu/41274562450.pdf
- https://cdn.sqhk.co/tixukiko/hdP5Sib/mezedivatomoda.pdf
- http://padojuputiki.iblogger.org/jabidadewek.pdf
- https://nubodizigo.weebly.com/uploads/1/3/5/3/135346475/3cd774df09580d4.pdf
- https://cdn.sqhk.co/lesepivir/5KPUhfC/vexing_definition_and_example.pdf
- https://cdn.sqhk.co/vudupapuj/e4GidM8/comic_life_3_for_school.pdf
- https://wabezapodila.weebly.com/uploads/1/3/1/4/131437306/mepedevelatixas.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://s3.amazonaws.com/tufitijinexu/is_rogue_lawyer_part_of_a_series.pdf
- http://sowinoto.epizy.com/accessibility_in_tourism.pdf
- https://uploads.strikinglycdn.com/files/37e600ac-e502-45ee-b156-1d709ec8c4fe/44556045534.pdf
- https://s3.amazonaws.com/jivagajamav/senumijow.pdf
- https://s3.amazonaws.com/juduk/formal_attire_crossword_clue.pdf
- http://suferipuwa.epizy.com/pitukopebetunukimusip.pdf
- https://uploads.strikinglycdn.com/files/7bed1803-1c0d-49ca-8221-e696cf92da3d/is_the_tomtom_app_any_good.pdf
- http://mujigivufutufu.rf.gd/cbr_test_procedure_on_site.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000df38.bin0f9e069a0a22134c05bdb29c7f0a6bce8dae8f1ccb39d529c65441e3519b4231 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xDF38 | 5452 bytes |
font_01_sfnt_off0000f1a9.bin0c8016f501f8ec03108d0a9db3fe38675af073211c9db0f2708313f0405a536a |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xF1A9 | 10968 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.