MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file was flagged as malicious by ML classifiers and ClamAV, indicating a phishing or trojan payload. The embedded URL, https://mezovuduw.ru/award?keyword=data+structures+and+algorithms+using+python+pdf+download, suggests a lure related to downloading a PDF, likely a phishing attempt. No scripts were extracted, but the overall structure and URL point towards a malicious document designed to trick users.
Machine Learning
- Nyx PDF Classifier malicious score 0.9638
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI (info, PDF_URI): PDF contains an external URL action
- PDF differential parser failed (info, PDF_DIFFERENTIAL_PARSE_FAILED): The cross-check parser (pdfminer.six) failed on this file: PDF differential parser failed: PDFSyntaxError. Static heuristics still ran and any of their findings above are valid; only the differential cross-check signal is missing.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://mezovuduw.ru/award?keyword=data+structures+and+algorithms+using+python+pdf+download
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000f6ba.bin 31ccde4cafcf11f25f7e0b072dbe47fad7ff49abb3bf8f4c17124f79c5c99a7f | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF6BA | 5760 bytes |
| font_01_sfnt_off00010a48.bin 8cc78e7d3681e3d73a676b6bd306586830bd90ff59e0ae0453b787576c45cb72 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10A48 | 10296 bytes |