MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
This PDF file was flagged by a machine learning classifier and ClamAV as malicious, indicating a high probability of malicious intent. The embedded URL suggests a phishing or malware distribution attempt, likely leveraging the 'Spearphishing Attachment' technique. No scripts were extracted, but the presence of embedded URLs and the overall detection score point towards a malicious document designed to redirect users to potentially harmful content.
Machine Learning
- Nyx PDF Classifier malicious score 0.9983
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000fb79.bin<br>9d2294e344127da9ddc2b77d68b1576b6b78373885bc9da2859f180a98f2c1e1 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFB79 | 16792 bytes |
| font_01_sfnt_off0001138b.bin<br>07b8a7b654bfeb6e6a5b9eac48c46f3095e634cb3ee713a01c3f72fc33e73e27 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1138B | 17380 bytes |
| font_02_sfnt_off000140ce.bin<br>2474f7798830934714a759360e710a4eac76aeff2ba762a06534e50da93d65b6 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x140CE | 9988 bytes |