Verdict: MALICIOUS (Risk Score: 96)

Malware Insights

MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The file is identified as malicious by ML classifiers and ClamAV, specifically as a phishing trojan. The document body, though heavily obfuscated, contains references to 'Scala rider g9x manual' and an external URL, suggesting a phishing lure. The presence of embedded URLs and the nature of the detection point towards an attempt to redirect the user to a malicious site.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics (4)
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI (info, PDF_URI): PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://seumenha.ru/strik?utm_term=scala+rider+g9x+manual
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000ed57.bin 035345570b71e3c06aaeaf5b06f610a2f8c9c9b23af86a21ee5c8f26aa6f9b85 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xED57 | 5408 bytes |
| font_01_sfnt_off0000ffab.bin 6eb029fd27ffd34efaca38da66b7974153eba10c647cc6f06d60747708729119 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFFAB | 13392 bytes |