MALICIOUS
Risk Score: 136
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The file is identified as a malicious PDF by ML classifiers and ClamAV. It contains embedded URLs and a heuristic firing for 'Password-Protected Archive Lure', indicating it's designed to trick users into decrypting a payload. The presence of embedded URLs suggests a phishing or social engineering attack vector, likely delivered as a spearphishing attachment.
Machine Learning
- Nyx PDF Classifier malicious score 0.9997
Heuristics 5
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Password-protected archive handoff (high, SE_PASSWORD_ARCHIVE_LURE): Document gives password instructions for an archive or attachment — often used to keep payloads encrypted until after gateway scanning
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00010fb3.bin 4f4c057ad902d324f880704427e66da502293e6a018dca5a7b9058ccbe3a8acb | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10FB3 | 5236 bytes |
| font_01_sfnt_off000121a0.bin 7e7c094825322523ca8d21a56e8cbd429b7031a82e97befc4b198375bc71aa21 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x121A0 | 11852 bytes |