MALICIOUS
96
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file was detected as malicious by ML classifiers and ClamAV, indicating a phishing or trojan payload. It contains an embedded URI pointing to a suspicious domain, likely intended to redirect the user to a malicious site. While no scripts were explicitly extracted, the PDF structure and embedded URI suggest an attempt to exploit user trust through a deceptive lure.
Machine Learning
- Nyx PDF Classifier malicious score 0.9997
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://jumiwimov.ru/aws?utm_term=what+is+the+best+lighting+for+studio+photography
- http://betogav.22web.org/what_are_wendys_chicken_nuggets_made_out_of.pdf
- http://gopadaxin.mywebcommunity.org/3043200015.pdf
- http://rumagadoli.22web.org/xudivivepubodanidufege.pdf
- https://cdn.sqhk.co/zalenemu/QibrhhN/domino_s_pizza_menu_with_price_2020.pdf
- https://cdn.sqhk.co/mogowepuw/Fzjfjax/80s_music_hits_playlist.pdf
- http://bejisosubonito.sportsontheweb.net/casio_g_shock_multiband_6_tough_solar_price.pdf
- http://fuwijumazawad.mywebcommunity.org/getting_more_stuart_diamond_ebook_free_download.pdf
- https://cdn.sqhk.co/jusupovexewa/cD4E6oP/jemajojejiluzikubotog.pdf
- https://cdn.sqhk.co/tabuguran/cjjhgJA/7_words_game_answers.pdf
- https://cdn.sqhk.co/titesojijuko/ehhgiQX/viral_outbreak_tv_shows.pdf
- https://cdn.sqhk.co/puvijupem/oih1hin/don_t_touch_my_phone_wallpaper_3d_hd.pdf
- http://juxaxukavaxi.iblogger.org/lidijadozegebagiwo.pdf
- https://cdn.sqhk.co/kixagixupo/LIgjjhg/simple_sandbox_mod_apk_1._5._1.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://s3.amazonaws.com/wutogugej/xamomoda.pdf
- https://uploads.strikinglycdn.com/files/5f8a7f3e-ed6b-4ad0-bbc8-3f65af0554d1/veduxiwasebevodojome.pdf
- https://s3.amazonaws.com/zidosozawok/woponubirogi.pdf
- https://s3.amazonaws.com/gateme/engagement_invitation_templates_online_free.pdf
- http://dowuvoduwitovos.atwebpages.com/how_to_set_up_xfinity_cable_box_2020.pdf
- https://uploads.strikinglycdn.com/files/9a993cc6-bf9f-41f8-ad1f-b69d47a82c80/interior_design_software_free.pdf
- http://zafuriket.rf.gd/bubinikawunepipuvuw.pdf
- https://uploads.strikinglycdn.com/files/08cd107a-f280-4b75-b649-e0ab821d01c3/how_do_i_reset_my_honeywell_air_purifier.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000eb96.bin1f5344ab652adfa6ce60ca95b088de0d25f54640ee378402c1cd71dba5198476 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xEB96 | 5556 bytes |
font_01_sfnt_off0000fe84.binba4593497facfa6d743b4ed6ca7187aa935f934af9907d09abd4090ec70d1f7c |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xFE84 | 9624 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.