MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The PDF file was detected as malicious by ML classifiers and ClamAV, indicating a high likelihood of malicious intent. It contains an embedded URL that leads to a domain associated with phishing or malware distribution. The document body, though heavily obfuscated, suggests a lure related to a book summary, which is a common tactic for social engineering.
Machine Learning
- Nyx PDF Classifier malicious score 0.9988
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
- https://philabc.ru/pbw?utm_term=resumen+del+libro+el+jardin+secreto+rincon+del+vago (PDF link annotation)
Extracted artifacts 4
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off00013ad7.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x13AD7 | 5192 bytes | 8e040d07a70d9d512f5786608a7c935af04623359927f4630731e61e4df611e9 |
| font_01_sfnt_off00014d76.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x14D76 | 5540 bytes | 5c76c4f8dc9e7bf6cd8383dd30354efb7cec7a2ee649f8db4dba6901522bb8c4 |
| font_02_sfnt_off0001603f.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1603F | 12624 bytes | 1a05ecf7665cbd5580ba337f1b88b1a96c0d1a3fb65b066081a833947fc222ce |
| font_03_sfnt_off0001892b.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1892B | 17268 bytes | 81c09f19ea8374a8a78d4f819f5a410855dc12a5440fd0412972516967e1cd05 |