MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The file is a PDF that contains an embedded URI pointing to a suspicious domain, identified as malicious by ClamAV and an ML classifier. The document body, though heavily obfuscated, suggests a lure related to 'Bauhaus graphic design pdf'. The presence of embedded URLs and the overall detection by multiple security tools indicate a phishing or malware distribution attempt.
Machine Learning
- Nyx PDF Classifier malicious score 0.9571
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URLs:
- https://pelibifir.ru/award?keyword=bauhaus+graphic+design+pdf
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000efd1.bin 86608c85c03f4a5bf489771d0bce45950b2bcf66b1d9f37f147566016e2cae2b | pdf-font-stream | PDF embedded font (sfnt) at offset 0xEFD1 | 5432 bytes |
| font_01_sfnt_off00010247.bin c1dd876ba894ff7da91ff6c9286ab0ee811ee0d341219d1a325181d23e9ead0f | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10247 | 13316 bytes |