MALICIOUS
96
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file was flagged as malicious by ML classifiers and ClamAV, indicating a high likelihood of malicious intent. The document contains an embedded URI pointing to 'https://gimoguvi.ru/123?utm_term=progressive+web+app+bootstrap+template', which is likely a phishing lure. Although no scripts were explicitly extracted, the PDF structure and embedded URI suggest an attempt to redirect the user to a malicious site, potentially for credential harvesting or further malware delivery.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://gimoguvi.ru/123?utm_term=progressive+web+app+bootstrap+template
- http://mikenitoxa.22web.org/87014465780.pdf
- http://farilanij.iblogger.org/english_vocabulary_practice.pdf
- https://cdn-cms.f-static.net/uploads/4402963/normal_6016e2579261c.pdf
- https://cdn.sqhk.co/bomoxale/iiMh1Ms/55248051573.pdf
- https://cdn-cms.f-static.net/uploads/4413867/normal_5fd5f0026cfd6.pdf
- https://static.s123-cdn-static.com/uploads/4449774/normal_5ff4ab9ea375a.pdf
- https://cdn.sqhk.co/ragejeli/iMLhjie/easy_homemade_chocolate_cake_recipes_from_scratch.pdf
- https://cdn-cms.f-static.net/uploads/4408335/normal_6020aea1b4a8a.pdf
- http://wegutamozeji.iblogger.org/coleman_inflatable_hot_tub_pump_parts.pdf
- https://static.s123-cdn-static.com/uploads/4369653/normal_5ffebc80184e7.pdf
- https://static.s123-cdn-static.com/uploads/4366367/normal_5ff402696adff.pdf
- https://cdn.sqhk.co/difanemifal/jhehjij/wowiluzopa.pdf
- http://tofuvuniz.iblogger.org/6876828416.pdf
- https://cdn-cms.f-static.net/uploads/4384825/normal_60315084495c6.pdf
- https://static.s123-cdn-static.com/uploads/4465398/normal_5ff651431c622.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://s3.amazonaws.com/zufojadibi/43987468613.pdf
- https://s3.amazonaws.com/kotenu/how_to_do_total_surface_area_of_a_triangular_prism.pdf
- http://porininiji.epizy.com/gezenisukogene.pdf
- http://gevewodex.epizy.com/65354744675.pdf
- http://jexititojule.rf.gd/guitar_chords_and_tabs_app_for_android.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000ec4c.bin01ae683372388552b5c30365f052cee67f7c0e1486832489eb346196bf8bae95 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xEC4C | 5432 bytes |
font_01_sfnt_off0000fec4.binfda778ff6195b25d34b92325d54adc7b41f9b56dbc71e71bc4d19d01e31f4cfd |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xFEC4 | 10792 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.