Verdict: MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file was detected as malicious by ML classifiers and ClamAV, indicating a phishing or trojan payload. It contains an embedded URI pointing to a suspicious domain, likely intended to host a malicious payload or redirect the user to a phishing site. The document body, though heavily obfuscated, suggests a lure related to 'lucky colors for 2021'. No scripts were extracted, but the presence of external URIs and the overall detection profile strongly suggest a phishing or downloader attack pattern.
Machine Learning
- Nyx PDF Classifier: malicious score 0.9991
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
- https://nipisod.ru/award?keyword=horse+feng+shui+lucky+colors+for+2021 (PDF link annotation)
- http://fafesixokegigi.getenjoyment.net/how_to_use_midi_with_reaper.pdf (in PDF document text)
- http://jefevivavifax.scienceontheweb.net/safety_first_infant_thermometer_instructions.pdf (in PDF document text)
- http://jafoxidulez.mypressonline.com/titesonijumizek.pdf (in PDF document text)
- http://www.ascendercorp.com/ (in PDF document text)
- http://www.ascendercorp.com/typedesigners.html (in PDF document text)
- http://www.daltonmaag.com/ (in PDF document text)
- https://uploads.strikinglycdn.com/files/50e4bfb5-3cdc-40f4-833c-3970fb5a4f65/22357659249.pdf (in PDF document text)
- https://uploads.strikinglycdn.com/files/91317b84-d0d9-4455-bde4-2ca6fc156c87/diet_evolution_reviews.pdf (in PDF document text)
- https://uploads.strikinglycdn.com/files/23b3c650-4434-4a58-be9c-1cef4f0e8932/echo_srm_230_weed_eater_reviews.pdf (in PDF document text)
- https://uploads.strikinglycdn.com/files/9fb2e682-6ef7-42cd-b44e-4b0771ec2cb4/hindi_bible_verses_app_download.pdf (in PDF document text)
- https://uploads.strikinglycdn.com/files/9d64026c-be9a-432f-95c9-501d9b757821/gukam.pdf (in PDF document text)
- https://uploads.strikinglycdn.com/files/17c119f6-33c8-41b5-8d4b-8d47e9984e83/15012171183.pdf (in PDF document text)
- https://uploads.strikinglycdn.com/files/14064e8c-a9a6-4ad7-ba46-114ac0e6e791/lixutadoxopufazixerelagap.pdf (in PDF document text)
- https://uploads.strikinglycdn.com/files/174983ca-34a0-4290-a4d2-58d7f4747307/how_to_reset_replace_drum_on_brother_printer.pdf (in PDF document text)
- https://uploads.strikinglycdn.com/files/697abb4b-2f69-40d1-b337-f8b2f8f6d2a9/hallelujah_chorus_from_messiah_genre.pdf (in PDF document text)
- http://bufijonewufo.onlinewebshop.net/que_puede_causar_dolor_en_la_ingle_mujer.pdf (in PDF document text)
- https://uploads.strikinglycdn.com/files/bc6f435a-3100-423e-83c7-138627d4ff6c/siminetawasilorata.pdf (in PDF document text)
- https://uploads.strikinglycdn.com/files/15b44568-2d28-4284-89d1-1cf04d71a9dd/cuales_fueron_las_consecuencias_de_la_guerra_de_las_100_horas.pdf (in PDF document text)
- https://uploads.strikinglycdn.com/files/827b4840-33fd-43b6-8cb5-5e2d07097b65/manual_pedaleira_digitech_rp80.pdf (in PDF document text)
- https://uploads.strikinglycdn.com/files/bf9b8701-e03a-40d8-90b7-db436304f5b9/juxesupazo.pdf (in PDF document text)
- https://uploads.strikinglycdn.com/files/b47b28eb-e80d-4fa9-b6c7-99c6dc1a80f5/mevukadelutotesibe.pdf (in PDF document text)
- https://uploads.strikinglycdn.com/files/39e59975-41ae-4d1d-a86e-287e0cef6772/deziji.pdf (in PDF document text)
- https://uploads.strikinglycdn.com/files/6b071df7-6f41-4e0a-b272-fb3c764b389c/malelolesemusopisol.pdf (in PDF document text)
- https://uploads.strikinglycdn.com/files/3e49b5ad-7126-464b-869e-d172d66ff9f0/elizabeth_and_jane_bennet_quotes.pdf (in PDF document text)
- https://uploads.strikinglycdn.com/files/d31b5de7-8bff-49cf-a936-b6584105d09a/how_to_install_programs_on_ti_nspire_cx_cas.pdf (in PDF document text)
- https://uploads.strikinglycdn.com/files/6c917a85-cd68-4ba5-8b7e-d2149823baa9/us_marine_corps_scout_sniper_training_manual.pdf (in PDF document text)
- http://www.w3.org/1999/02/22-rdf-syntax-ns# (in PDF document text)
- http://purl.org/dc/elements/1.1/ (in PDF document text)
- http://ns.adobe.com/pdf/1.3/ (in PDF document text)
- http://ns.adobe.com/xap/1.0/ (in PDF document text)
- http://ns.adobe.com/xap/1.0/mm/ (in PDF document text)
- http://ns.adobe.com/xap/1.0/rights/ (in PDF document text)
- http://scripts.sil.org/OFL (in PDF document text)
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000e3fc.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE3FC | 5188 bytes | 2a92ed1dec838fa54b8c4a0852aec48572af27822a9d63f8c92fc3d657732fd3 |
| font_01_sfnt_off0000f5a3.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF5A3 | 9800 bytes | bed9b134033b169b1e0f4b8359d7703a6f5f4b6da339e3f5f2c8bd279a558872 |
| font_02_sfnt_off00011723.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x11723 | 4324 bytes | a542ec26cea93e049a2e27cd59b1347dd9bbdea13775fd7b822b3c2b3136116f |