Verdict: MALICIOUS, risk score 96
Malware Insights
MITRE ATT&CK
- T1566.001 Phishing: Spearphishing Attachment
- T1059.007 Command and Scripting Interpreter: JavaScript
The PDF was flagged as malicious by the ML classifier and by ClamAV, which names it a PDF phishing trojan. It carries a link annotation whose /URI action points to dafemum.ru, most likely a phishing or malware-distribution landing page; the query string (utm_term=what+color+is+similar+to+phthalo+blue) shows the document is a search-engine lure built to catch readers looking for that phrase and get them to click through. The document text itself is heavily obfuscated.
Machine Learning
- Nyx PDF Classifier malicious score 0.9999
Heuristics (4)
- ClamAV detection (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI (info, PDF_URI): the PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): the same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): one or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. Extracted URLs:
- https://dafemum.ru/strik?utm_term=what+color+is+similar+to+phthalo+blue
- http://ppl-nutrshopfit.website/2294948788g51o6.pdf
- http://helplnstagramoffice.com/denon_avr-s900w_firmware_update7m8ya.pdf
- http://levotavo.scienceontheweb.net/fivuvajit.pdf
- http://pidusejop.medianewsonline.com/oreck_air_filter_cleaning_instructions.pdf
- http://imedo.ru/38277484493a6snf.pdf
- https://cdn.sqhk.co/rijomawonuj/1hbTjez/how_to_sew_on_patches_on_leather_vest.pdf
- https://cdn.sqhk.co/meparifemoji/jibVigw/resawesafa.pdf
- https://cdn.sqhk.co/xexerekija/g6ighiz/vejosawodexajajides.pdf
- https://cdn.sqhk.co/fevivesuxofo/icha6hd/15157010682.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://75cc4b12-69da-4024-8422-75f9303faa99.filesusr.com/ugd/d6c222_baa04833551042a99857d708d7c5ad93.pdf?index=true
- https://61df3396-90b5-4b69-a3ae-475c9da6ebc5.filesusr.com/ugd/516574_5dc570d83b8e4e0fb28a46a1d232552b.pdf?index=true
- https://94ac7338-8c66-48ed-b7e4-01cccba3eff0.filesusr.com/ugd/9b8421_760381e892a14ad9a9ebe8ba55d01b0a.pdf?index=true
- https://s3.amazonaws.com/wobuzisibal/calculate_time_difference_in_crystal_reports.pdf
- https://s3.amazonaws.com/xoguwavosuje/advantages_and_disadvantages_of_multiculturalism.pdf
- https://1b6fe947-be7e-4494-9a94-f566f178d3d1.filesusr.com/ugd/89064d_c5c0cb42f1c341f589f3277ee0950471.pdf?index=true
- https://1527c8d3-3321-4e9f-872f-e2bebb57bac2.filesusr.com/ugd/bf2d42_90f9127230654b709e84cad69617b36d.pdf?index=true
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
The last seven entries are XMP/RDF namespace identifiers from the document metadata and the SIL Open Font License URL carried by an embedded font, not link targets; the per-URL channel labels are what separate them from the link-annotation URI.
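The two PDF heuristics above (an external /URI action, and the same object number defined twice with different bodies) are easy to reproduce on raw bytes. The Python below is an added example written for this page, not the analyzer's own code. The sample PDF inside it is constructed: object 4 is first a bare link annotation and is then redefined by an appended incremental update with a /URI action; the xref/startxref values are placeholders, which is fine because the scanner looks for `N G obj` tokens rather than trusting the cross-reference table.

```python
"""Flag duplicate PDF object definitions with differing bodies and pull out
/URI actions.  Added example; not the analyzer's code."""
import re
from collections import defaultdict

# Constructed sample (not the analysed file).  Object 4 is defined in the
# original body and again in an incremental update; only the update has /URI.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /Annots [4 0 R] >> endobj
4 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 100 20] >> endobj
trailer << /Root 1 0 R /Size 5 >>
startxref 0
%%EOF
4 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 100 20] /A << /S /URI /URI (https://example.invalid/lure?utm_term=x) >> >> endobj
trailer << /Root 1 0 R /Size 5 /Prev 0 >>
startxref 0
%%EOF
"""

OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)endobj", re.DOTALL)
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)", re.DOTALL)
# Keys whose presence makes a redefinition "active content" (assumed list).
ACTIVE_RE = re.compile(rb"/(URI|JavaScript|JS|Launch|OpenAction|AA|SubmitForm|GoToR)\b")


def parse_objects(data):
    """Return [(num, gen, body, offset)] in file order.

    Token scanning is deliberate: a parser-confusion sample may ship a broken
    or misleading xref.  Limitation: a binary stream containing b'endobj'
    would truncate its body, which is acceptable for triage.
    """
    return [(int(m.group(1)), int(m.group(2)), m.group(3).strip(), m.start())
            for m in OBJ_RE.finditer(data)]


def resolve_objects(data, strategy="last"):
    """Map (num, gen) -> body the way a first-wins or last-wins reader would."""
    resolved = {}
    for num, gen, body, _ in parse_objects(data):
        if strategy == "first" and (num, gen) in resolved:
            continue
        resolved[(num, gen)] = body
    return resolved


def find_duplicate_objects(data):
    """Report objects defined more than once with different body bytes.

    Severity is 'info' for body-only differences (common in benign
    incremental updates) and 'high' when any definition carries active content.
    """
    by_key = defaultdict(list)
    for num, gen, body, off in parse_objects(data):
        by_key[(num, gen)].append((body, off))
    findings = []
    for (num, gen), defs in by_key.items():
        bodies = [b for b, _ in defs]
        if len(defs) < 2 or len(set(bodies)) == 1:
            continue  # single definition, or identical bytes re-emitted
        active = any(ACTIVE_RE.search(b) for b in bodies)
        findings.append({
            "num": num, "gen": gen, "count": len(defs),
            "offsets": [o for _, o in defs],
            "active_content": active,
            "severity": "high" if active else "info",
            "first_wins": bodies[0], "last_wins": bodies[-1],
        })
    return findings


def extract_uris(data):
    """Collect literal-string /URI targets from every object body."""
    uris = []
    for _, _, body, _ in parse_objects(data):
        for m in URI_RE.finditer(body):
            raw = m.group(1).replace(b"\\(", b"(").replace(b"\\)", b")")
            uris.append(raw.decode("latin-1"))
    return uris


if __name__ == "__main__":
    for f in find_duplicate_objects(SAMPLE_PDF):
        print(f"obj {f['num']} {f['gen']}: {f['count']} definitions, "
              f"severity={f['severity']}, offsets={f['offsets']}")
        print("  first-wins:", f["first_wins"].decode("latin-1"))
        print("  last-wins: ", f["last_wins"].decode("latin-1"))
    print("URIs:", extract_uris(SAMPLE_PDF))
```

Run against the constructed sample, the first-wins view of object 4 has no action while the last-wins view carries the /URI, which is exactly the divergence the heuristic warns about; strip the `/A` dictionary from the update and the two bodies become identical, so no finding is raised.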
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | SHA-256 | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off0000e132.bin | bb38b89de55647fb6840d65be99fa4ca962767243643910a7d11b90508c043e0 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE132 | 5324 bytes |
| font_01_sfnt_off0000f325.bin | c21df3498dab24509458e20ea781efe4197f33572b1f535f8682549a370026be | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF325 | 11360 bytes |