Verdict: MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The file is a PDF document that contains an embedded URL. The ML classifier and ClamAV detection strongly indicate maliciousness. The embedded URL points to a suspicious domain, likely intended for phishing or malware distribution. No scripts were extracted, but the presence of an external URI is a common tactic for initial compromise.
Machine Learning
- Nyx PDF Classifier malicious score 0.9731
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (severity: critical, rule: CLAMAV_DETECTION). ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (severity: info, rule: PDF_URI). PDF contains an external URL action.
- Object number defined twice with different bodies (severity: info, rule: PDF_DUPLICATE_OBJ_BODY_INCREMENTAL). The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (severity: info, rule: EMBEDDED_URL). One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - https://wastran.ru/pbw?utm_term=how+do+you+build+in+minecraft+classic+on+computer (PDF link annotation)
Extracted artifacts 4
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off00027aef.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x27AEF | 15172 bytes | 113b3945a241f623b571e7a8ebe5b864f89c054fa83d8178242b3db10c9889b9 |
| font_01_sfnt_off0002accd.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x2ACCD | 5596 bytes | 1b634513f1ef5cd9c641ff442e95155e6ef0ee9f122433352c17a418c48f2dd7 |
| font_02_sfnt_off0002bfcf.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x2BFCF | 13832 bytes | 245f6c98b61a54e2539cca3e480f3bae7294fc091aeeef0b9bda2f9bb3f1a950 |
| font_03_sfnt_off0002ed4d.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x2ED4D | 16112 bytes | 04c641d0aedeaa8c494855f42a2e9ae6fad9e3679126e7dc5c08fccc4b41c292 |