MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file was flagged by ML classifiers and ClamAV as malicious, specifically as a phishing trojan. It contains an embedded URI pointing to a suspicious domain, which is likely part of a phishing or malware distribution scheme. The document body, though heavily obfuscated, suggests a lure related to educational content, aiming to trick users into visiting the malicious URL.
Machine Learning
- Nyx PDF Classifier malicious score 0.9993
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00010049.bin d420add33c3f3a41264f9c992ec8c65f19a781a1c5510b1e4f2f6b230dbe44f4 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10049 | 5652 bytes |
| font_01_sfnt_off00011372.bin a0ad8dd1afa4264bcb251c1a8456129f09f09dec3926cca862c4da8d0a50e7d6 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x11372 | 11228 bytes |