Verdict: MALICIOUS (Risk Score 96)
Malware Insights
MITRE ATT&CK
- T1566.001 Phishing: Spearphishing Attachment
- T1059.007 Command and Scripting Interpreter: JavaScript
The PDF carries a link annotation whose URI action points to a phishing page disguised as a quiz (the utm_term value in the URL is a quiz question). The ML classifier and the ClamAV signature both flag the file as malicious. The many other PDF-hosted URLs found in the document text are consistent with a lure document built to redirect users to further hosted content. Two caveats for triage: the XMP namespace and SIL Open Font License URLs in that list are ordinary metadata rather than indicators, and no JavaScript heuristic fired, so the T1059.007 mapping is not supported by the listed findings.
Machine Learning
- Nyx PDF Classifier: malicious score 0.9993
Heuristics (4)
- ClamAV detection [critical, CLAMAV_DETECTION]: ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI [info, PDF_URI]: PDF contains an external URL action.
- Object number defined twice with different bodies [info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL]: The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers resolve different content, a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL [info, EMBEDDED_URL]: One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - https://ponafet.ru/strik?utm_term=which+of+the+following+statements+about+internal+control+is+true (PDF link annotation)
  - http://nesebonuvobeju.getenjoyment.net/cannabidiol_parkinson.pdf (In PDF document text)
  - https://cdn.sqhk.co/resozasevej/CUCtjac/likavalevadutoxa.pdf (In PDF document text)
  - https://cdn.sqhk.co/fukafodifi/vHhjgjv/guravokepupawi.pdf (In PDF document text)
  - https://cdn.sqhk.co/giripiponi/0jbsCjj/complete_biology_oxford.pdf (In PDF document text)
  - https://cdn.sqhk.co/gederanew/Yjf8RDL/dungeon_of_doom_wcw_theme.pdf (In PDF document text)
  - https://cdn.sqhk.co/togixulala/ibhfjbl/avira_antivirus_for_android_free.pdf (In PDF document text)
  - https://cdn.sqhk.co/letarezetap/CqLhfN7/localizar_mi_android_por_gps.pdf (In PDF document text)
  - https://cdn.sqhk.co/pagozixupezi/haqohjS/guess_the_kpop_song_2020_sporcle.pdf (In PDF document text)
  - https://cdn.sqhk.co/simikitivo/ibhhTVy/vaferadaxonene.pdf (In PDF document text)
  - https://cdn.sqhk.co/puruwedisuma/8QichIP/download_wheels_in_mud_offroad_simulator_mod_apk.pdf (In PDF document text)
  - https://cdn.sqhk.co/walumupo/egdpQje/belebafevirumarevasig.pdf (In PDF document text)
  - https://cdn.sqhk.co/fokofike/xjhsgcO/50638457308.pdf (In PDF document text)
  - https://cdn.sqhk.co/pumibavi/jjhVgdY/liremena.pdf (In PDF document text)
  - http://www.ascendercorp.com/ (In PDF document text)
  - http://www.ascendercorp.com/typedesigners.html (In PDF document text)
  - http://scripts.sil.orgThis (In PDF document text)
  - https://uploads.strikinglycdn.com/files/5ff470da-874b-4a42-88f2-52e7bac2a10c/why_is_there_2_the_girl_with_the_dragon_tattoo.pdf (In PDF document text)
  - https://uploads.strikinglycdn.com/files/14ba5593-9da4-4be9-a255-249494475b4a/razor_scooter_e200_vs_e300.pdf (In PDF document text)
  - https://s3.amazonaws.com/xulepiwa/vifazazevelo.pdf (In PDF document text)
  - https://s3.amazonaws.com/fopalew/wototasogivafimego.pdf (In PDF document text)
  - https://s3.amazonaws.com/juwofuxufijup/why_do_songs_keep_disappearing_from_spotify.pdf (In PDF document text)
  - http://wilaroxu.atwebpages.com/vidapi.pdf (In PDF document text)
  - https://uploads.strikinglycdn.com/files/0c62cf68-9ccd-42d0-95e3-776bb5d23f9d/vavonir.pdf (In PDF document text)
  - http://www.w3.org/1999/02/22-rdf-syntax-ns# (In PDF document text)
  - http://purl.org/dc/elements/1.1/ (In PDF document text)
  - http://ns.adobe.com/pdf/1.3/ (In PDF document text)
  - http://ns.adobe.com/xap/1.0/ (In PDF document text)
  - http://ns.adobe.com/xap/1.0/mm/ (In PDF document text)
  - http://ns.adobe.com/xap/1.0/rights/ (In PDF document text)
  - http://scripts.sil.org/OFL (In PDF document text)
  - http://scripts.sil.org/ (In PDF document text)
  - http://scripts.sil.org/OFLAbyssinica (In PDF document text)
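The following Python script is an added example, not the analyzer's own code. It reproduces the two structural heuristics above on a constructed PDF: PDF_DUPLICATE_OBJ_BODY_INCREMENTAL (the same indirect object defined twice with different bytes, raised in severity only when a copy carries active content) and the PDF_URI / EMBEDDED_URL channel labels (a URI action a viewer will open on click, versus a URL that merely sits in stream text or in XMP and font-licence boilerplate). The sample file, its hostnames and object numbers are constructed for the demonstration; the regex-based parsing and the set of "active" keys are assumptions of this example rather than the analyzer's implementation.

```python
"""Added example (not the analyzer's code): regex-based triage of a PDF for
duplicate object bodies and for URLs labelled by the channel that reached
them. Works on raw bytes and inflates FlateDecode streams; it is a triage aid,
not a conforming PDF parser."""
import re
import zlib

OBJ_RE = re.compile(rb"(?<![0-9])(\d+)\s+(\d+)\s+obj\b(.*?)endobj", re.S)
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)
URI_ACTION_RE = re.compile(rb"/URI\s*\(([^)]*)\)")
URL_RE = re.compile(rb"https?://[A-Za-z0-9._~:/?#@!$&*+,;=%-]+")

# Keys that make a duplicate definition interesting: a reader resolving the
# other copy would execute something different. (Assumed set for this example.)
ACTIVE_KEYS = (b"/URI", b"/JavaScript", b"/JS", b"/Launch", b"/AA", b"/OpenAction", b"/SubmitForm")

# URLs that are normal metadata rather than somewhere a user is sent.
BOILERPLATE_PREFIXES = (
    b"http://www.w3.org/1999/02/22-rdf-syntax-ns",  # XMP packet RDF namespace
    b"http://purl.org/dc/elements/1.1/",            # Dublin Core schema in XMP
    b"http://ns.adobe.com/",                        # Adobe XMP schemas
    b"http://scripts.sil.org",                      # SIL Open Font License text in embedded fonts
)


def find_objects(pdf):
    """Every 'N G obj ... endobj' definition in file order: ((N, G), body, offset)."""
    return [((int(m.group(1)), int(m.group(2))), m.group(3).strip(), m.start())
            for m in OBJ_RE.finditer(pdf)]


def duplicate_object_bodies(pdf):
    """PDF_DUPLICATE_OBJ_BODY_INCREMENTAL: a reader that takes the first copy
    and one that takes the last copy (as a reconstructing parser does after an
    incremental update) resolve different objects. Identical copies are ignored."""
    by_id = {}
    for ident, body, off in find_objects(pdf):
        by_id.setdefault(ident, []).append((off, body))
    findings = []
    for ident, defs in by_id.items():
        distinct = {body for _, body in defs}
        if len(distinct) < 2:
            continue
        active = any(k in body for body in distinct for k in ACTIVE_KEYS)
        findings.append({"object": ident, "definitions": len(defs),
                         "first_wins": defs[0][1], "last_wins": defs[-1][1],
                         "severity": "high" if active else "info"})
    return findings


def uri_action_targets(pdf):
    """PDF_URI: targets of /URI actions in any object definition. Both copies
    of a duplicated object count, because either reader may follow one."""
    return {u for _, body, _ in find_objects(pdf) for u in URI_ACTION_RE.findall(body)}


def classify_urls(pdf):
    """EMBEDDED_URL: map each URL to the channel that reached it."""
    actions = uri_action_targets(pdf)
    blob = bytearray(pdf)
    for m in STREAM_RE.finditer(pdf):        # make FlateDecode stream text searchable
        try:
            blob += b"\n" + zlib.decompress(m.group(1))
        except zlib.error:
            pass                             # not deflated (image, font) or truncated
    labels = {}
    for url in URL_RE.findall(bytes(blob)):
        if url in actions:
            channel = "PDF link annotation / URI action"
        elif url.startswith(BOILERPLATE_PREFIXES):
            channel = "XMP or font-licence boilerplate"
        else:
            channel = "In PDF document text"
        labels.setdefault(url.decode("latin-1"), channel)
    return labels


def build_sample_pdf():
    """Constructed sample, not the analyzed file. Object 5 is a /URI action; the
    incremental update appended after the first %%EOF redefines it to point at a
    phishing URL, so first-wins and last-wins readers open different links."""
    page_text = (b"BT /F1 12 Tf 20 700 Td (See https://cdn.example.net/decoy/offer.pdf) Tj ET\n"
                 b"% metadata-like comment: http://www.w3.org/1999/02/22-rdf-syntax-ns#\n")
    content = zlib.compress(page_text)
    header = (b"%PDF-1.4\n"
              b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
              b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
              b"3 0 obj << /Type /Page /Parent 2 0 R /Annots [4 0 R] /Contents 6 0 R >> endobj\n"
              b"4 0 obj << /Type /Annot /Subtype /Link /Rect [20 690 300 710] /A 5 0 R >> endobj\n"
              b"5 0 obj << /S /URI /URI (https://example.org/legit-quiz) >> endobj\n")
    stream_obj = (b"6 0 obj << /Length " + str(len(content)).encode() + b" /Filter /FlateDecode >>\n"
                  b"stream\n" + content + b"\nendstream\nendobj\n")
    trailer = b"trailer << /Root 1 0 R >>\n%%EOF\n"
    update = (b"5 0 obj << /S /URI /URI "
              b"(https://phish.example.test/strik?utm_term=which+statement+is+true) >> endobj\n")
    return header + stream_obj + trailer + update + trailer


if __name__ == "__main__":
    sample = build_sample_pdf()
    for f in duplicate_object_bodies(sample):
        print("duplicate", f["object"], f["severity"], f["first_wins"], "->", f["last_wins"])
    for url, channel in classify_urls(sample).items():
        print(channel, url)
```

On the constructed file the duplicate of object 5 is reported as high because both bodies carry a /URI action, and only the two action targets get the link-annotation label; the decoy and RDF URLs that live inside the compressed content stream are labelled as document text or boilerplate, which is the distinction the report's per-URL labels make.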
Extracted artifacts (5)
Files carved from inside the sample during analysis.

| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000ff48.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFF48 | 12428 bytes | cd63faf89c63598147df2c70f2f18026504e41a9f4bc04e65f957b06df43fd7a |
| font_01_sfnt_off000127da.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x127DA | 5540 bytes | 8e50d8663e72c0be9ce870fea41a375e350b9e651c0ee7e9eba2a6b384911b69 |
| font_02_sfnt_off00013aae.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x13AAE | 21044 bytes | d83750b7ee25b4c5a08de16fadca05340c8edd257d4484567efe9a0a8a4652fe |
| font_03_sfnt_off00015b12.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x15B12 | 2968 bytes | 0c043fb62d9f705cedb58fa47172b33f27fd2161ebbea6f3c00b27d515c00ef0 |
| font_04_sfnt_off0001673a.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1673A | 10388 bytes | 8020f6d72454497469c60b10c9f76c9a4aeeae8cc2c5ed33dde701654db55fa4 |