MALICIOUS
136
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1204.002 Malicious Link
The sample is a PDF document flagged by ML classifiers and ClamAV as malicious. It contains a heuristic indicating a 'Browser extension / update installation lure,' suggesting a social engineering attempt to trick the user. The embedded URL `https://xezojetit.ru/award?keyword=web+to+pdf+google+chrome+extension` likely leads to a malicious download or phishing page.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 5
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
Browser extension / update installation lure high SE_BROWSER_INSTALL_LUREDocument tells the user to install a browser extension, plugin, viewer, or browser update to view content — a common social-engineering path for credential theft and malware installation
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://xezojetit.ru/award?keyword=web+to+pdf+google+chrome+extension
- http://wijasagasipode.getenjoyment.net/rekobaxu.pdf
- https://cdn-cms.f-static.net/uploads/4460266/normal_6042ef6e7a174.pdf
- https://cdn-cms.f-static.net/uploads/4416494/normal_604a17f7e5d07.pdf
- https://cdn-cms.f-static.net/uploads/4379384/normal_602dade4e5c44.pdf
- http://midarujiwuvi.mygamesonline.org/42397027861.pdf
- http://premial.su/snark_tuner_battery_liferv5jk.pdf
- http://sezemowogoroz.iblogger.org/will_no_game_no_life_ever_get_a_season_2.pdf
- http://xulubapatoso.scienceontheweb.net/66910250254.pdf
- http://kojijeku.mygamesonline.org/interpipe_seamless_pipe_schedule_40.pdf
- http://barurizex.iblogger.org/do_dean_and_castiel_ever_get_together.pdf
- https://static.s123-cdn-static.com/uploads/4374704/normal_60095665e7d8b.pdf
- https://cdn-cms.f-static.net/uploads/4403421/normal_5fd27f297ffb8.pdf
- http://form-lnstagramcopyrightservice.com/11321816599j88pd.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- http://vekabun.myartsonline.com/where_can_i_donate_clothing_during_covid_19.pdf
- http://tenudif.epizy.com/patient_protection_and_affordable_care_act_full_text.pdf
- http://lojiwifi.epizy.com/mimenixekajigedetirew.pdf
- http://kobitosen.epizy.com/valupevizelomoxesomop.pdf
- http://labomodofu.epizy.com/how_do_i_get_google_maps_on_my_iphone.pdf
- http://gunebudapuko.epizy.com/cantate_domino_choral_sheet_music.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000f74f.bin7d2d0f2ceb69f259fbaee1d54e78d3e1d9fe52855c5feac933b986792dc8bf41 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xF74F | 5580 bytes |
font_01_sfnt_off00010a33.binbc2c2c9ed3d3ba08c6e953f15d042e81185ce1c9274bafcde2b7ec8d6d49c97e |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x10A33 | 11396 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.