MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file contains a heuristic indicating an external URI, which points to a suspicious URL. The ML classifier and ClamAV detection strongly suggest malicious intent. The document body, though heavily obfuscated, appears to be a lure related to a parts manual, likely designed to trick users into clicking the embedded link.
Machine Learning
- Nyx PDF Classifier malicious score 0.9996
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL reached via PDF link annotation: https://wastran.ru/pbw?utm_term=vermeer+sc252+parts+manual
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0001cc2c.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1CC2C | 5300 bytes |
| SHA-256: 35bb10da290b58460197a4012426af727cd8247fd7bbacc2d9a1372da9ba0093 | | | |
| font_01_sfnt_off0001de25.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1DE25 | 11852 bytes |
| SHA-256: 219fdd90f092e1679e205b6797a1a8c192e51fbd815f7ed00bd9a937778f8a89 | | | |