Verdict: MALICIOUS (risk score 96)
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The PDF carries an embedded URL action that sends the reader to a suspicious domain (kuzutuzo.ru), most likely a phishing page or a malware download. The ClamAV signature (Pdf.Phishing.Trojan) and the ML classifier (malicious score 0.9998) independently rate the file as malicious. The document body is heavily obfuscated, but the utm_term parameter on the link ('digestive+system+disease+case+study') and the residual text point to a "Digestive system disease case study" lure designed to get the reader to click the link.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics (4)
- ClamAV detection (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): the PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): the same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): one or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. Extracted URLs:
- https://kuzutuzo.ru/strik?utm_term=digestive+system+disease+case+study
- https://cdn-cms.f-static.net/uploads/4426828/normal_60240d9d14706.pdf
- http://helpverifybadges.com/rejizorifovugolunujadewhr9h.pdf
- http://zyzycheat8.xyz/is_fresh_off_the_boat_getting_cancelledf6bbc.pdf
- https://static.s123-cdn-static.com/uploads/4365562/normal_5fdd281c78a5c.pdf
- http://you-bestshop.xyz/the_claiming_of_sleeping_beauty51fhk.pdf
- https://cdn-cms.f-static.net/uploads/4388596/normal_6013ea7d0e986.pdf
- https://cdn-cms.f-static.net/uploads/4383573/normal_604da0129ab2c.pdf
- http://phulop.store/how_to_see_normal_distribution_tablepc5tt.pdf
- http://tizezs.xyz/reddish_brown_color_crossword_answery2o4x.pdf
- https://cdn-cms.f-static.net/uploads/4375699/normal_604797bd8b253.pdf
- http://dommasters.site/22697658778yte4h.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://uploads.strikinglycdn.com/files/c7ab0869-c09f-4da9-a292-25e68853d883/what_is_remember_the_ladies.pdf
- http://kuporalegumema.epizy.com/95932997245.pdf
- http://jipobemimojogot.rf.gd/37000257173.pdf
- https://uploads.strikinglycdn.com/files/5c04a122-1200-4b4e-80dc-12d23481257b/is_bodyweight_training_effective.pdf
- http://zefixufedinokas.epizy.com/acuerdos_de_paz_2020_completo.pdf
- http://dokivux.epizy.com/stevens_320_field_and_security_combo_review.pdf
- https://uploads.strikinglycdn.com/files/8c5f5116-b74a-43b4-abfb-6e051f9de8d4/how_to_get_rid_of_a_cyst_pimple_on_face.pdf
- http://rutipozi.epizy.com/tp-link_tl-wa850re_n300_universal_wireless_range_extender_manual.pdf
- https://uploads.strikinglycdn.com/files/938efdf3-6ac5-44db-8857-f1a536dc0106/what_does_the_ending_of_the_last_of_us_mean.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
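The two structural heuristics above (PDF_DUPLICATE_OBJ_BODY_INCREMENTAL and PDF_URI) are easy to reproduce by hand, and doing so shows why the duplicate-object finding stays at "info" unless the later definition carries active content. The following is an added example, not the analyzer's own code: a byte-level regex pass over a constructed minimal PDF (not the analysed sample) whose incremental update redefines object 4 with a /URI action, beside a second constructed variant whose update only changes the annotation's /Border. The cross-reference sections in the sample are placeholders rather than valid xref tables, and the scan deliberately ignores object streams, xref streams and escaped PDF strings; a real triage tool would sit on a proper PDF parser.

```python
"""Added example: reproduce the duplicate-object and URI-action heuristics with a
byte-level scan. Not the analyzer's code; the sample PDF below is constructed."""
import re
from collections import defaultdict

# Constructed sample (not the analysed file). The original body defines object 4
# as a harmless link annotation; an appended incremental update redefines 4 0 obj
# with a /URI action. The xref sections are placeholders, not valid tables.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj
<< /Type /Catalog /Pages 2 0 R >>
endobj
2 0 obj
<< /Type /Pages /Kids [3 0 R] /Count 1 >>
endobj
3 0 obj
<< /Type /Page /Parent 2 0 R /Annots [4 0 R] >>
endobj
4 0 obj
<< /Type /Annot /Subtype /Link /Rect [0 0 100 20] >>
endobj
xref
0 5
trailer
<< /Size 5 /Root 1 0 R >>
startxref
0
%%EOF
4 0 obj
<< /Type /Annot /Subtype /Link /Rect [0 0 100 20] /A << /S /URI /URI (https://example.invalid/lure) >> >>
endobj
xref
0 1
trailer
<< /Size 5 /Root 1 0 R /Prev 0 >>
startxref
0
%%EOF
"""

# Same file, but the update only changes the annotation's /Border: a body-only
# difference with no active content, the benign case the heuristic describes.
BENIGN_UPDATE_PDF = SAMPLE_PDF.replace(
    b"/A << /S /URI /URI (https://example.invalid/lure) >>", b"/Border [0 0 0]")

# "N G obj ... endobj"; the lookbehind stops "14 0 obj" matching as "4 0 obj".
OBJ_RE = re.compile(rb"(?<![\d])(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.DOTALL)
# A /URI action: /S /URI followed by a literal-string /URI value (escapes ignored).
URI_RE = re.compile(rb"/S\s*/URI\b.*?/URI\s*\((.*?)\)", re.DOTALL)
# Keys that make an object "active content" for severity purposes (assumed list).
ACTIVE_RE = re.compile(rb"/(JavaScript|JS|URI|Launch|OpenAction|AA|SubmitForm|GoToR)\b")


def index_objects(pdf: bytes) -> dict:
    """Map (num, gen) -> every body defined for it, in file order.

    Keeping all definitions, not just the last, is what lets us see the
    incremental-update redefinition a last-wins reader would silently take."""
    defs = defaultdict(list)
    for m in OBJ_RE.finditer(pdf):
        defs[(int(m.group(1)), int(m.group(2)))].append(m.group(3).strip())
    return dict(defs)


def duplicate_object_findings(defs: dict) -> list:
    """PDF_DUPLICATE_OBJ_BODY_INCREMENTAL: same object, different bodies.

    Severity is raised only when a later (duplicate) body carries active content,
    so a benign incremental update that just tweaks geometry stays at 'info'."""
    findings = []
    for key, bodies in sorted(defs.items()):
        if len(set(bodies)) < 2:
            continue
        active = any(ACTIVE_RE.search(b) for b in bodies[1:])
        findings.append({"obj": key, "definitions": len(bodies),
                         "severity": "high" if active else "info"})
    return findings


def resolve(defs: dict, policy: str) -> dict:
    """Body each reader type uses: 'first' for first-wins, 'last' for last-wins."""
    return {k: (v[0] if policy == "first" else v[-1]) for k, v in defs.items()}


def uri_actions(resolved: dict) -> list:
    """PDF_URI: (num, gen, target) for every /URI action in the resolved objects."""
    out = []
    for (num, gen), body in sorted(resolved.items()):
        for m in URI_RE.finditer(body):
            out.append((num, gen, m.group(1).decode("latin-1")))
    return out


if __name__ == "__main__":
    for name, pdf in (("update adds /URI action", SAMPLE_PDF),
                      ("body-only update", BENIGN_UPDATE_PDF)):
        defs = index_objects(pdf)
        print(name, duplicate_object_findings(defs))
        for policy in ("first", "last"):
            print("  %s-wins reader sees URI actions: %s"
                  % (policy, uri_actions(resolve(defs, policy))))
```

Running it shows the parser-confusion shape directly: a first-wins reader resolves object 4 to the plain annotation and reports no URI action, while a last-wins reader (which is how incremental updates are meant to be read) lands on the /URI action. The /Border-only variant still produces a duplicate-object finding, but at "info", because nothing in the later body is active content.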
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | SHA-256 | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off0000edc0.bin | fa335973020e53ddc088e4036da10f68686b669813451f2f027edac3fba72836 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xEDC0 | 5292 bytes |
| font_01_sfnt_off0000ffc8.bin | 1f3295fc38b9ce02c1dcfc0a8c785b6fe78ff425edfc914e2dd20edb7c0f86d0 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFFC8 | 11124 bytes |