MALICIOUS
96
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The sample was detected as malicious by ClamAV and an ML classifier, indicating a high likelihood of malicious intent. The PDF contains embedded URLs, one of which is a feedproxy URL, suggesting a potential lure to a phishing or malware distribution site. Although no scripts were explicitly extracted, the PDF structure and embedded URLs are indicative of a phishing or credential harvesting attempt.
Machine Learning
- Nyx PDF Classifier malicious score 0.9984
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://feedproxy.google.com/~r/sq/ugae/~3/J-SxIuB37Ms/square?utm_term=2020+most+livable+cities
- https://static1.squarespace.com/static/60aac52a97a1d73ddacfe14c/t/60e8160897884458c9a3f318/1625822728430/my_pc_is_restarting_on_its_own.pdf
- https://static1.squarespace.com/static/60bf6cad3a95e91b59aa2418/t/60ec91d6bcf8be39b5066a69/1626116566424/fahrenheit_451_book_256_pages.pdf
- https://static1.squarespace.com/static/60aac5994c6b1805bc4acbdb/t/60e7e1044b964f05b8487314/1625809156893/kuwatod.pdf
- https://static1.squarespace.com/static/60bf6cad3a95e91b59aa2418/t/60ece353f77a3e4a90ed3023/1626137427838/ruxasibirapabaxebil.pdf
- https://static1.squarespace.com/static/60aac59fb7e9621e2f466549/t/60e95fb237da2614570ff7a2/1625907122206/83524617773.pdf
- https://static1.squarespace.com/static/60aac52a97a1d73ddacfe14c/t/60e7d25381ab8d1aa9deae35/1625805396155/229658076.pdf
- https://static1.squarespace.com/static/60bf6bff0d8d387fecc8b153/t/60e7897bfdc75e32ab027ff4/1625786747956/how_to_reduce_file_size_for_web.pdf
- https://static1.squarespace.com/static/60bf6cad3a95e91b59aa2418/t/60e80642ed7e63043965d884/1625818690713/articles_of_co_partnership.pdf
- https://static1.squarespace.com/static/60bf6bff0d8d387fecc8b153/t/60e8fdc737cb9044755e79c4/1625882055686/valium_10mg_side_effects.pdf
- https://static1.squarespace.com/static/60aac4e0d5abe22cec5c4b22/t/60e8c7583add050c1b4b4c23/1625868120893/15726146742.pdf
- https://static1.squarespace.com/static/60bf6cad3a95e91b59aa2418/t/60ec7f74e94d7a30e054d205/1626111860818/spacebar_counter_in_10_seconds.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://dejavu.sourceforge.net
- http://dejavu.sourceforge.net/wiki/index.php/License
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000e417.bin022953e6baa4f72714b5066d597d9db62538b0c0def6406d8deb60fd5ac133eb |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xE417 | 10536 bytes |
font_01_sfnt_off0000fc2f.bin835e5085dbc3e2603c6a99b0edfa41c3df0a9d0c97de1133207821e6a13ddd96 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xFC2F | 17888 bytes |
font_02_sfnt_off00012b0b.bin9d2294e344127da9ddc2b77d68b1576b6b78373885bc9da2859f180a98f2c1e1 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x12B0B | 16792 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.