MALICIOUS
Risk Score: 112
Machine Learning
- Nyx PDF Classifier: clean (score 0.0010)
Heuristics 5
- Secondary embedded PDF body has suspicious static findings (critical, POLYGLOT_CHILD_PDF_STATIC_TRIAGE): A valid PDF body was found at a nonzero offset inside another container and its carved contents matched PDF exploit or lure heuristics. This catches polyglots where the top-level magic routes to ZIP/OLE while a PDF reader or downstream parser opens the hidden PDF payload.
- Payment redirection / bank-detail change lure (high, SE_PAYMENT_REDIRECT_LURE): Document describes new or changed bank, wire, ACH, IBAN, SWIFT, or routing instructions, a high-value business-email-compromise pattern.
- Visual download / call-to-action button lure (low, SE_DOWNLOAD_BUTTON): Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.); low-signal unless other findings point to a malicious workflow.
- External URI (info, PDF_URI): PDF contains an external URL action.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - http://filesoftclub.club/fc/brookstone (PDF link annotation)
  - http://www.fiacasyfutones.com.ar/userfiles/cummins-engine-repair-manual.xml (in PDF document text)
  - http://piqiso.ru/userfiles/cummins-engine-service-manual-pdf.xml (in PDF document text)
  - http://www.raumboerse-luzern.ch/mieten/bosch-shu43-manual (in PDF document text)
  - http://floreswindows.com/images/compaq-presario-4824-manual.pdf (in PDF document text)
  - https://hund-gerecht.com/images/compaq-presario-4814-manual.pdf (in PDF document text)
  - http://dag.ru/www.risingstars.com.tr/wp-content/plugins/formcraft/file-upload/server/content/files/1627317b2bb451---briggs-and-stratton-generators-5500-manual.pdf (in PDF document text)
  - https://www.thebiketube.com/acros-bosch-shu4302uc-manual (in PDF document text)
  - http://ns.adobe.com/xap/1.0/ (in PDF document text)
  - http://www.w3.org/1999/02/22-rdf-syntax-ns# (in PDF document text)
  - http://purl.org/dc/elements/1.1/ (in PDF document text)
  - http://dejavu.sourceforge.net (in PDF document text)
  - http://dejavu.sourceforge.net/wiki/index.php/License (in PDF document text)
Extracted artifacts 6
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| stream_009_off00007f1b.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x7F1B | 19996 bytes | 8e639af5f37a01c952d7fa5ae521c275babc199f4d44038938bf51c1324a673d |
| font_01_sfnt_off0000b4f7.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xB4F7 | 19964 bytes | 5154a7c8cf7a9b55c2f939ad6a4a8f8327cd6552b9f68a87c49d10dfc747eaa8 |
| polyglot_child_pdf_off0000000f.pdf | polyglot-child-pdf | Secondary PDF body inside pdf container at offset 0xF | 91672 bytes | f2e24234130a4fb09fdede2fa54df964e58921219c189c6a705089c6b350e644 |
| polyglot_child_pdf_off0000001e.pdf | polyglot-child-pdf | Secondary PDF body inside pdf container at offset 0x1E | 91657 bytes | fc60fa01c44b8ae4aae5575f72cb72847c9625bd12743081b3bfb2e23f5af69d |
| polyglot_child_pdf_off0000002d.pdf | polyglot-child-pdf | Secondary PDF body inside pdf container at offset 0x2D | 91642 bytes | a08965565f2100596fc9269c37c7dc5769db52ed728f33d1aa9a20ef43f2e4e4 |
| polyglot_child_pdf_off0000003c.pdf | polyglot-child-pdf | Secondary PDF body inside pdf container at offset 0x3C | 91627 bytes | 01550cd754fab178071b07be9bd52fb71f180693f23b3cf5b332913476c0c535 |