MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The file is identified as a malicious PDF by ClamAV and an ML classifier. It contains an embedded URI pointing to 'https://resalured.ru/strik?utm_term=pact+of+the+tome+invocations', which is likely a phishing lure. The PDF structure and embedded content suggest an attempt to trick the user into visiting this external resource, aligning with spearphishing tactics.
Machine Learning
- Nyx PDF Classifier malicious score 0.9996
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://resalured.ru/strik?utm_term=pact+of+the+tome+invocations
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000ff41.bin 2ba9bedc6fc355ce8b1d797c26f0cc82e52be7cbde8b6b3f8ed9e82c3f0670fc | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFF41 | 5052 bytes |
| font_01_sfnt_off0001105d.bin 7aa7f66633ecae1a7c61189b16869bd3e5151bec16db7e72cd331cf5eb6cb3a2 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1105D | 10132 bytes |