MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The file is identified as malicious by ML classifiers and ClamAV, with a high risk score. It contains an embedded URI pointing to 'dafemum.ru', which is likely a phishing or malware distribution domain. The document body, though heavily obfuscated, suggests a lure related to 'atoms structure worksheet pdf'. No scripts were extracted, but the presence of external URIs and the overall detection profile indicate a phishing or downloader attack pattern.
Machine Learning
- Nyx PDF Classifier malicious score 0.9992
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://dafemum.ru/award?keyword=atoms+structure+worksheet+pdf
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off000101b7.bin (hash: 1bf556fd974293380141e17299d032c96484b42385527f5e5a6c4571c4b9a50a) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x101B7 | 5300 bytes |
| font_01_sfnt_off000113ae.bin (hash: 4de3270405156dc0fcf1848f314c51f373fb3cfaa3a12f867e8d74a180b70795) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x113AE | 11340 bytes |