MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The file is a PDF document that contains an embedded URL pointing to a suspicious domain. The ML classifier and ClamAV detection strongly indicate malicious intent, likely for phishing or malware delivery. The document body, though heavily obfuscated, suggests a lure related to a 'Jcb 3cx user manual pdf'. No scripts were extracted, but the presence of the malicious URL is a high-priority indicator.
Machine Learning
- Nyx PDF Classifier malicious score 0.9957
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
- URL https://gimoguvi.ru/strik?utm_term=jcb+3cx+user+manual+pdf (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off00010a2c.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10A2C | 5664 bytes | d2ee31e2f975485a4cf80a1b5c2170f970addd43d8f3b3b00e5749d4ad09daf4 |
| font_01_sfnt_off00011d5c.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x11D5C | 11224 bytes | bb3f6a1c7909e13b5cc3026bbee3be7e178b504739501d7217e49a7ef1c0659e |