MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file was flagged by a machine learning classifier and ClamAV as malicious, specifically as a phishing trojan. It contains an embedded URL that directs users to a suspicious domain, likely for credential harvesting or malware distribution. The document body, though heavily obfuscated, appears to reference school uniforms, suggesting a social engineering lure.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://seumenha.ru/123?utm_term=charlton+secondary+school+uniform
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000eeaa.bin `1b5377f0c0a20a6633b5393ec543da9cbaab22ad5f579885593799337b0fe7bd` | pdf-font-stream | PDF embedded font (sfnt) at offset 0xEEAA | 5268 bytes |
| font_01_sfnt_off0001006d.bin `a66a18d776e3970aae6cc0472752b2f80fdd17e8ef092e1c8bbdc20a4a161c82` | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1006D | 11628 bytes |