MALICIOUS
96
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The sample was classified as malicious by ML and ClamAV, and it contains an embedded URI pointing to a suspicious domain. The PDF structure and embedded content suggest it is designed to trick users into visiting a malicious URL, likely for phishing or to download further malicious content. No scripts were extracted, but the presence of an external URI is a strong indicator of malicious intent.
Machine Learning
- Nyx PDF Classifier malicious score 0.9971
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://xajibur.ru/award?keyword=%25D8%25B1%25D9%2588%25D8%25A7%25D9%258A%25D8%25A9+la+boite+a+merveille+%25D8%25A8%25D8%25A7%25D9%2584%25D8%25B9%25D8%25B1%25D8%25A8%25D9%258A%25D8%25A9+pdf PDF link annotation
- https://cdn.sqhk.co/jawutuwek/fcDAJjb/swing_rider_apk_mod.pdfIn PDF document text
- https://cdn.sqhk.co/kugefiruxat/jbH5o0d/cooking_dash_wikipedia.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4366676/normal_5fe9c5f53708f.pdfIn PDF document text
- https://cdn.sqhk.co/zifuvifiweva/aNS8YGs/bluffing_synonyms_thesaurus.pdfIn PDF document text
- https://cdn.sqhk.co/bowazeduz/iaIhiTd/gufiduzazodipibeza.pdfIn PDF document text
- https://static.s123-cdn-static.com/uploads/4489042/normal_5feda35740a47.pdfIn PDF document text
- http://www.ascendercorp.com/In PDF document text
- http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
- http://www.daltonmaag.com/In PDF document text
- https://eecb1da5-82b7-48ef-90e5-6a20895c07e7.filesusr.com/ugd/88a84f_62078f24457d4079b7b2717bc0a88741.pdf?index=trueIn PDF document text
- https://s3.amazonaws.com/gurafoga/kawudigexi.pdfIn PDF document text
- https://s3.amazonaws.com/xalexojaxipud/12586503601.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/439bc7d6-6710-4f73-9d07-9a762b349660/descriptive_narrative_examples.pdfIn PDF document text
- https://2a983b51-2e13-4971-8c1f-a5bca3ab4353.filesusr.com/ugd/e1a791_50164e672d2f4354a0661a15852807ea.pdf?index=trueIn PDF document text
- https://uploads.strikinglycdn.com/files/dd40f357-3dbf-478f-a270-217ecf259f72/51249421448.pdfIn PDF document text
- https://s3.amazonaws.com/lopeteb/wifamaveli.pdfIn PDF document text
- https://a1359116-1358-4cde-afc5-3600b4bb50db.filesusr.com/ugd/3b0c81_dc08a0de599b4848bc9dafcff68efd64.pdf?index=trueIn PDF document text
- https://uploads.strikinglycdn.com/files/03d036d0-43e2-4f8d-b1cc-888255f4817a/terry_pratchett_quotes_witches_abroad.pdfIn PDF document text
- https://s3.amazonaws.com/pazovugal/mefuberoxiposasi.pdfIn PDF document text
- https://f85e9a30-dbb9-40fd-a66d-53bd7daafe07.filesusr.com/ugd/1b9faa_db8054ee8db64dbba73116c5a6eee684.pdf?index=trueIn PDF document text
- https://4779f2f8-a33e-4327-9c78-21ee0bcf4620.filesusr.com/ugd/31bf02_020f808f787840b0ba1a560068eea392.pdf?index=trueIn PDF document text
- https://s3.amazonaws.com/fomaralunex/zokepoz.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/08962e3d-7ec5-4d38-9460-6e6aada87caa/ti_86_manual_free_download.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/3bbb932c-5283-4325-8d77-dc825652e664/which_is_better_graco_or_evenflo_stroller.pdfIn PDF document text
- https://86908e24-11f3-43a1-9346-bf531f45ee0b.filesusr.com/ugd/97493d_01ccb6741da64fb686197ba0cf6be889.pdf?index=trueIn PDF document text
- http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
- http://purl.org/dc/elements/1.1/In PDF document text
- http://ns.adobe.com/pdf/1.3/In PDF document text
- http://ns.adobe.com/xap/1.0/In PDF document text
- http://ns.adobe.com/xap/1.0/mm/In PDF document text
- http://ns.adobe.com/xap/1.0/rights/In PDF document text
- http://dejavu.sourceforge.netIn PDF document text
- http://dejavu.sourceforge.net/wiki/index.php/LicenseIn PDF document text
- http://scripts.sil.org/OFLIn PDF document text
Extracted artifacts 5
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
stream_006_off0001c6e2.bin |
decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x1C6E2 | 32908 bytes |
SHA-256: 4f90770974919a05150969047940dfc22a4518f1c71f9d991cff2298ccdf3fdd |
|||
font_00_sfnt_off00017775.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x17775 | 4796 bytes |
SHA-256: d8e01936d0e609c5e1a40a871bf696418bb8f7e0c6c4fdcd8cdff2540533c46e |
|||
font_01_sfnt_off000187c2.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x187C2 | 12264 bytes |
SHA-256: 7216c19cfb0596eae2fdde3fd9c9ec298cf203df400938f797e832b775085440 |
|||
font_02_sfnt_off0001ae63.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x1AE63 | 17096 bytes |
SHA-256: ed4b06d50212c2ed459f20c4694cefb8f68df9bf8964b9f937837f0bf8d26405 |
|||
font_04_sfnt_off0001ff2d.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x1FF2D | 4324 bytes |
SHA-256: ce7e2e230a41ba6fc2d7d2240890c8289d67876d84a3d076d67c0b48111c8230 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.