MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file contains an embedded URL that redirects to a malicious domain, likely for phishing or malware distribution. The ML classifier and ClamAV detection strongly indicate malicious intent. Although no scripts were extracted, the presence of a suspicious URL and the document's likely purpose of luring users to a malicious site suggest a phishing attack.
Machine Learning
- Nyx PDF Classifier malicious score 0.9996
Heuristics (4)
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00011519.bin 074656e74af4f1ddc2506c08a3b501ee6ec03a491422ee23315a41b5ea069656 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x11519 | 5844 bytes |
| font_01_sfnt_off000128fa.bin 31567b610da4c5830944e12458c1585708a4d7b7c546f48f7eb2809a2403f2b4 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x128FA | 11436 bytes |