MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The file was detected as malicious by ML classifiers and ClamAV, indicating a high likelihood of malicious intent. The embedded URL points to a suspicious domain, likely a phishing site. The PDF structure and embedded content suggest it's used as a lure, potentially for credential harvesting or further malware delivery.
Machine Learning
- Nyx PDF Classifier malicious score 0.9997
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 [critical] CLAMAV_DETECTION: ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI [info] PDF_URI: PDF contains an external URL action
- Object number defined twice with different bodies [info] PDF_DUPLICATE_OBJ_BODY_INCREMENTAL: The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL [info] EMBEDDED_URL: One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://catamma.ru/pbw?utm_term=literary+techniques+in+wuthering+heights
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000e19a.bin a5840df716aad0d7427b49cd312d32bbedf9a41e15fad88a60b2035d137fe86d | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE19A | 5288 bytes |
| font_01_sfnt_off0000f3ae.bin d29fd5bd01fb324dbfded607de4f998594bd85d2f52fa3a03b5c678884e5350f | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF3AE | 10924 bytes |