MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The file is a PDF that contains embedded URLs, one of which is a direct link to another PDF. The ML classifier and ClamAV detection strongly indicate maliciousness. The document body, though heavily obfuscated, appears to be a lure related to a dictionary of symbols PDF, likely intended to trick users into downloading further malicious content.
Machine Learning
- Nyx PDF Classifier malicious score 0.9997
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000d5bb.bin b6e1d7d0c3a136924e747c3b44a790fa8e563f161006831d4d9b70d30cfdaddd | pdf-font-stream | PDF embedded font (sfnt) at offset 0xD5BB | 5504 bytes |
| font_01_sfnt_off0000e85e.bin ad9680e17ec36689d7912ae10e2aa15767a9e35efd4291a448d8e1b255b9c889 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE85E | 10488 bytes |