MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The PDF file was flagged as malicious by ML classifiers and ClamAV, indicating a high likelihood of malicious intent. It contains an embedded URI pointing to 'zajinet.ru', which likely serves as a phishing or malware distribution site. The document body, though heavily obfuscated, appears to contain metadata related to the URL's search term, suggesting a lure.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics (4)
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 [critical, CLAMAV_DETECTION]: ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI [info, PDF_URI]: PDF contains an external URL action.
- Object number defined twice with different bodies [info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL]: The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL [info, EMBEDDED_URL]: One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://zajinet.ru/strik?utm_term=death+note+movie+2016+cast
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000f0e9.bin (hash 816eb7fa9902b84224f9b63c6cbb44852d190fd56c7839deac045aa466001702) | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF0E9 | 5452 bytes |
| font_01_sfnt_off00010362.bin (hash 5e4b97db94a620faf340330feabd8b78699480171ced4cbf679a1542b411dad8) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10362 | 11400 bytes |