MALICIOUS
174
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF file was flagged as malicious by multiple heuristics, including a critical finding for a link to known malicious redirector infrastructure. The document body, though heavily obfuscated, suggests a lure related to an 'Assamese dictionary pdf' to entice users to click the embedded malicious URL. The presence of embedded URLs and the ML classifier's high confidence score indicate a phishing attempt.
Machine Learning
- Nyx PDF Classifier malicious score 0.9996
Heuristics 5
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
QR-code redirect lure medium SE_QR_LUREDocument instructs the user to scan a QR code with a phone — consistent with QR phishing, but also common in legitimate documents
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://dafemum.ru/award?keyword=assamese+dictionary+pdf In PDF document text
- http://lenudes.com/28382615026maw3r.pdfIn PDF document text
- http://tersq.space/wuraminewudetisomufukarotk0s.pdfIn PDF document text
- http://disconto50.pro/bushnell_tour_v3_operating_manuals0ukd.pdfIn PDF document text
- http://socialwave.me/zafikuxovizelobazikaz8kqes.pdfIn PDF document text
- http://1freedom.space/7500361108bypm4.pdfIn PDF document text
- http://iciapp.xyz/canon_powershot_sx720_battery8ceb8.pdfIn PDF document text
- http://klyshsheff.xyz/75760632119o1ztf.pdfIn PDF document text
- http://heretythere.site/bright_line_eating_meal_plansdb6y8.pdfIn PDF document text
- http://yatvoyya.fun/engineering_mathematics_stroud_solutions9dhgo.pdfIn PDF document text
- http://physcoo.com/temavofp3cb8.pdfIn PDF document text
- http://feldhaus-klinker-plitka.ru/salary_of_philippine_army_2020yr5l4.pdfIn PDF document text
- http://matras-24.ru/53391041503yeare.pdfIn PDF document text
- http://www.ascendercorp.com/In PDF document text
- http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
- https://4541bc1c-e35c-4de3-bb44-1f53c3e1a56d.filesusr.com/ugd/68f66e_eac80238cda7424897ecbdfa375feed7.pdf?index=trueIn PDF document text
- https://s3.amazonaws.com/kabisebax/grim_soul_survival_beginners_guide.pdfIn PDF document text
- https://s3.amazonaws.com/tejuvonixag/50494760854.pdfIn PDF document text
- https://ca30e0e0-ecf2-44ab-b6a2-fe26291458be.filesusr.com/ugd/34e21e_fabafe21827848ef9442f1cb96159687.pdf?index=trueIn PDF document text
- https://s3.amazonaws.com/tometubufimopim/equator_tropic_of_cancer_and_tropic_of_capricorn_passes_through_which_countries.pdfIn PDF document text
- https://s3.amazonaws.com/gonafoziguwewe/tamilrockers_chhichhore_movie_link.pdfIn PDF document text
- https://s3.amazonaws.com/tarajix/pejor.pdfIn PDF document text
- https://dbba0f06-1911-40f0-8c80-a2638c7f81cc.filesusr.com/ugd/b13fd1_bc36183036c9462ba7bce213ca9b9214.pdf?index=trueIn PDF document text
- https://9c12218e-e157-4070-b33f-4467b3cb42bb.filesusr.com/ugd/0c60a0_a2f302b0397e4d9c87c133ec5d23da4f.pdf?index=trueIn PDF document text
- https://c9254e9e-0e71-498a-8384-ab4c929b52b4.filesusr.com/ugd/0699ff_e543f65fdb574e9788439cf20b6fc7be.pdf?index=trueIn PDF document text
- https://bcbc83ff-a82b-4234-bf1d-c69e8cae54d5.filesusr.com/ugd/057c82_528daca80ca74a1784c1500957c42076.pdf?index=trueIn PDF document text
- http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
- http://purl.org/dc/elements/1.1/In PDF document text
- http://ns.adobe.com/pdf/1.3/In PDF document text
- http://ns.adobe.com/xap/1.0/In PDF document text
- http://ns.adobe.com/xap/1.0/mm/In PDF document text
- http://ns.adobe.com/xap/1.0/rights/In PDF document text
- http://scripts.sil.org/OFLIn PDF document text
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0001132a.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x1132A | 5360 bytes |
SHA-256: a763afc28a7c27c26cbbf4b5c482517ac82e9defe4cdbbee4862313b52734b89 |
|||
font_01_sfnt_off0001255e.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x1255E | 10864 bytes |
SHA-256: 96066db91a1ba9e8d348f07109b5ca1a2a704aa783e754292eb256eef36621dc |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.