MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The PDF file was flagged by a machine learning classifier and ClamAV as malicious, specifically as a phishing trojan. The document body, though heavily obfuscated, contains text related to 'used john deere tractors for sale ontario', suggesting a lure. The primary IOC is an external URI pointing to a suspicious domain, likely intended to host a malicious payload or redirect the user to a phishing site.
Machine Learning
- Nyx PDF Classifier malicious score 0.9993
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://jumiwimov.ru/123?utm_term=used+john+deere+tractors+for+sale+ontario
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000ed35.bin ae076d6833ff13d485d81552d0ca1c5ca53f64c78693e19e969604fcb147363b | pdf-font-stream | PDF embedded font (sfnt) at offset 0xED35 | 5176 bytes |
| font_01_sfnt_off0000fed2.bin 055f837cab7367a608b237e7fb958ee9dcc5ad221a6d0773d5a933e26a1513fc | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFED2 | 11108 bytes |