Verdict: MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The PDF file contains an embedded URI pointing to a suspicious domain, which is likely part of a phishing or malware distribution scheme. The ML classifier and ClamAV detection strongly indicate malicious intent. The document body, though heavily obfuscated, contains text related to weather, suggesting a lure to a malicious URL.
Machine Learning
- Nyx PDF Classifier malicious score 0.9997
Heuristics (4)
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 [critical, CLAMAV_DETECTION]: ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI [info, PDF_URI]: PDF contains an external URL action
- Object number defined twice with different bodies [info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL]: The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL [info, EMBEDDED_URL]: One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - https://jacksth.ru/strik?utm_term=what+is+the+weather+for+dc (PDF link annotation)
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0001875e.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1875E | 5184 bytes | 8c3b9d1597ad897aa5fa41d99046e81c0f8a2244eadb05a2be017ffbab218559 |
| font_01_sfnt_off00019910.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x19910 | 12380 bytes | c01612383df5536bd77303d277d07c39c9d9626b606b13ab93ab10bc0fbcbb16 |