Verdict: MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The PDF file contains an embedded URL that redirects to a phishing-related domain. The document body, though heavily obfuscated, appears to be a lure related to lock codes, suggesting a social engineering attempt to trick the user into visiting the malicious URL. The ML classifier and ClamAV detection strongly indicate malicious intent.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://pelibifir.ru/strik?utm_term=how+do+i+change+the+code+on+my+schlage+connect+lock
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000f5b3.bin aa175944a728af92fb0c9bc36d6a22423960ab1f14d2d163cfb732ed52c3ad74 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF5B3 | 5476 bytes |
| font_01_sfnt_off00010849.bin ddaee05171cbc51907a945b5f05f8bc30fb0c11b75eda580448db1a812cb066d | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10849 | 11360 bytes |