MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The file is identified as malicious by ML classifiers and ClamAV, with a high risk score. It contains an embedded URI pointing to 'maypoin.ru', which is likely a phishing or malware distribution domain. The document body, though heavily obfuscated, suggests a lure related to a piano score, indicating a social engineering tactic.
Machine Learning
- Nyx PDF Classifier malicious score 0.9993
Heuristics (4)
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://maypoin.ru/award?keyword=as+time+goes+by+piano+score+pdf (PDF link annotation)
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000f3c9.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF3C9 | 5672 bytes | 456b0ce5afc3ae58032fdb4e52a51c9536ecfd4b1d2a578d5c64cec4bacd0378 |
| font_01_sfnt_off00010701.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10701 | 11608 bytes | 27bcc6496b7dfcfc99139cce5bbb3ba504eb949e6c0ab83d93979abd10a3fa8e |