MALICIOUS
96
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF file was flagged as malicious by a machine learning classifier and ClamAV, indicating a high likelihood of malicious intent. It contains an embedded URI pointing to 'https://jacksth.ru/strik?utm_term=amar+chitra+katha+books+pdf', which likely serves as a lure to download further malicious content. The presence of multiple external URLs suggests a phishing or credential harvesting attempt.
Machine Learning
- Nyx PDF Classifier malicious score 0.9997
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://jacksth.ru/strik?utm_term=amar+chitra+katha+books+pdf
- http://uscreditinquiry.info/86760784047aeepj.pdf
- http://kepogosibasenip.iblogger.org/70527251014.pdf
- https://cdn-cms.f-static.net/uploads/4447885/normal_6031139e94815.pdf
- http://kutakelipaxeb.22web.org/business_dashboard_templates_powerpoint.pdf
- http://leqqurint.online/76077979366jevio.pdf
- http://art-practice.org/nomigesmmqi0.pdf
- http://toolsbestpricemicrometer.site/lovez04lks.pdf
- https://cdn-cms.f-static.net/uploads/4467277/normal_6029d5916db38.pdf
- http://vertitribe.store/5886443683gk8p8.pdf
- http://nunanokipikade.22web.org/battle_cats_crazed_cow_guide.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- http://sezusin.rf.gd/project_risk_management_books.pdf
- https://f77c8dad-41d7-4a8f-8d8d-c05149a3a236.filesusr.com/ugd/36d413_4e312dddbf6945f1aa982e89ba16ccc5.pdf?index=true
- https://2521c3e2-5736-45bb-9381-71005f2ffa37.filesusr.com/ugd/c85705_0b3338e603f845bf832352d9bfeaab3b.pdf?index=true
- http://mimosoxokilufaf.epizy.com/xakidazoleg.pdf
- https://s3.amazonaws.com/dafumuxitupav/how_to_be_smart_in_mind.pdf
- https://s3.amazonaws.com/tuzamada/google_chrome_android_bookmark_bar.pdf
- https://s3.amazonaws.com/nuvukivaxiren/naxinukuzuxisigiwizu.pdf
- https://s3.amazonaws.com/dujepav/93099213636.pdf
- https://s3.amazonaws.com/xoferuzu/crochet_patterns_for_bernat_super_bulky_yarn.pdf
- https://2b81f3f0-3f46-42ff-87a7-5865dd96cd3c.filesusr.com/ugd/fb41f9_a3d3c9ae6d8f482f83953a0a16f91418.pdf?index=true
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000ddc3.bine287220ff9079fda8934334a99ab0ed2380e5561184efb14119827a0df29e353 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xDDC3 | 5556 bytes |
font_01_sfnt_off0000f06e.bin6436214169b01c95aa4e7afad8a6a3267c933459c02c19a7dfb487bc885f5cd0 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xF06E | 4152 bytes |
font_02_sfnt_off0000ffb1.bin1d946cb97f72c77626e71efc86fcd85a0ca03107b495707750e452ef47ff0136 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xFFB1 | 11204 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.