MALICIOUS
96
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file was flagged as malicious by a machine learning classifier and ClamAV, indicating a high likelihood of malicious intent. The embedded URL, https://kuzutuzo.ru/wix?keyword=word+world+dvd, is suspicious and likely leads to a phishing or malware distribution site. While no scripts were explicitly extracted, the PDF structure and embedded URI heuristic suggest an attempt to redirect the user to a malicious external resource, characteristic of phishing or malware delivery.
Machine Learning
- Nyx PDF Classifier malicious score 0.9997
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://kuzutuzo.ru/wix?keyword=word+world+dvd
- https://cdn.sqhk.co/pidenali/frBihhh/luganemasupasazoluvolebuk.pdf
- https://cdn.sqhk.co/silutoge/icGshfE/f1_manager_2020.pdf
- http://faxejurimuzuret.22web.org/vibizexixeko.pdf
- https://cdn.sqhk.co/vaxarogajib/Qgc0hha/72567011447.pdf
- https://cdn.sqhk.co/xosaletozobi/ph5htzj/50519185129.pdf
- https://cdn.sqhk.co/sofaxuleruri/ghZjfgc/i_might_just_risk_it.pdf
- https://cdn.sqhk.co/buzaxelubot/HhhQXt2/unicorn_dash_2_mod_apk.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- http://lofoxos.epizy.com/invitation_card_template_photoshop_free.pdf
- http://vukenorap.epizy.com/descargar_banorte_movil_apk_4._4.pdf
- https://08b4a39d-fa16-4eaa-91be-ae90003cacb9.filesusr.com/ugd/237bf7_1678edbb955947fb8eb96e358b5f7a29.pdf?index=true
- https://s3.amazonaws.com/penale/alfabeto_hebreo_espaol.pdf
- https://s3.amazonaws.com/badodemebo/61205376464.pdf
- http://jusiwanemil.epizy.com/little_ducklings_nursery_ofsted_report.pdf
- https://s3.amazonaws.com/nolarifaforuxop/matador_s_foe_crossword_answer.pdf
- https://s3.amazonaws.com/tasufagijaremo/86083287253.pdf
- http://nuxizutize.rf.gd/varaviraramudogigeluxopa.pdf
- http://pugomifo.epizy.com/new_movies_2018_punjabi_free.pdf
- https://237a2310-9536-43ad-add1-fe73b840a51a.filesusr.com/ugd/8b319d_36dc49bb3e3745a3b835a6999c465f99.pdf?index=true
- https://c1f973cf-d719-4acb-8f9e-cd83ae4fb94d.filesusr.com/ugd/057766_70f7ec1f01a64886b42578623408dcfd.pdf?index=true
- https://s3.amazonaws.com/xajowu/jigajakatumezuromebixu.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000e8bf.bin1dd6dba42c05fde90acfc818ded373fbc88b6032739d7cff3c2b702403c94d4b |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xE8BF | 4596 bytes |
font_01_sfnt_off0000f886.binfc7ea97c266d75b68392e0aea3a0d6d2d42b88f245d2d27c34563f12db2bd6a3 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xF886 | 11280 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.