MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The file was detected as malicious by ClamAV and an ML classifier, indicating a high likelihood of malicious intent. It contains an embedded URL that directs users to a suspicious domain, likely for phishing purposes. Although no scripts were explicitly extracted, the PDF structure and the presence of external URIs suggest an attempt to lure the user to a malicious site.
Machine Learning
- Nyx PDF Classifier malicious score 0.9991
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 | critical | CLAMAV_DETECTION | ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI | info | PDF_URI | PDF contains an external URL action
- Object number defined twice with different bodies | info | PDF_DUPLICATE_OBJ_BODY_INCREMENTAL | The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL | info | EMBEDDED_URL | One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://laborke.ru/square?utm_term=types+of+single+replacement+reactions
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000f0b9.bin 5b47a8da0557e1b2d4fad032976e672a45555763cf277759ae17ced2bdfd8e6d | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF0B9 | 10900 bytes |
| font_01_sfnt_off00010a05.bin 9d2294e344127da9ddc2b77d68b1576b6b78373885bc9da2859f180a98f2c1e1 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10A05 | 16792 bytes |
| font_02_sfnt_off00012217.bin ec8b82276b50c6a52bf062c046e25ab5381efdfcfa74564e55d2222d12474dc2 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x12217 | 16668 bytes |