Verdict: MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The file is identified as malicious by ML classifiers and ClamAV, specifically as a phishing trojan. It contains multiple embedded URLs, with the primary one being https://jumiwimov.ru/123?utm_term=darkness+rises+warrior+guide, suggesting a phishing or malware distribution attempt. Although no scripts were explicitly extracted, the PDF structure and embedded URLs indicate an attempt to redirect the user to a malicious site, likely for credential harvesting or further payload delivery.
Machine Learning
- Nyx PDF Classifier malicious score 0.9997
Heuristics (4)
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 [critical, CLAMAV_DETECTION]: ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI [info, PDF_URI]: PDF contains an external URL action.
- Object number defined twice with different bodies [info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL]: The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL [info, EMBEDDED_URL]: One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. Primary URL: https://jumiwimov.ru/123?utm_term=darkness+rises+warrior+guide
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | SHA-256 | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off0000ee30.bin | ed1c63e686f6a78e0568a8ead27a33334c8dfa95017f73538b8664e6823e1fd6 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xEE30 | 5116 bytes |
| font_01_sfnt_off0000ffc4.bin | 5f8c8b624a5d9e13b35ac37893cf316c3c80293f948c02615ccc7e8c3d7ee23d | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFFC4 | 11084 bytes |