Verdict: MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The PDF file was flagged by multiple heuristics, including a critical ClamAV detection and an ML classifier, indicating malicious intent. The embedded URL, disguised within a search query for 'dragon ball xenoverse 2 codex error', points to a suspicious domain. While no scripts were explicitly extracted, the PDF structure and embedded URI suggest it's designed to redirect users to a malicious site, likely for phishing or to download further payloads.
Machine Learning
- Nyx PDF Classifier: malicious score 0.9999
Heuristics (4)
- ClamAV (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://jacksth.ru/wix?keyword=dragon+ball+xenoverse+2+codex+error
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Hash | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off0001a52f.bin | 8cd231d9d0fe9d6a47aaf75518827ed8051506199d4178defc3214f40974ff97 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1A52F | 5504 bytes |
| font_01_sfnt_off0001b805.bin | 04d99331f772ed973dbb2676de0ce9169c196e6d44749d4e8ba0fe8e2a746f2c | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1B805 | 20608 bytes |