MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file contains an embedded URL that redirects to a phishing site, disguised as a search result. ClamAV and ML classifiers also flagged this file as malicious, indicating a high likelihood of phishing or malware distribution. No scripts were extracted, but the presence of external URIs and the document's deceptive content strongly suggest a phishing attack.
Machine Learning
- Nyx PDF Classifier malicious score 0.9997
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://mezovuduw.ru/strik?utm_term=sennheiser+hdr+170+battery+replacement
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000ee81.bin 44c47ce00121196a3aafd1e11a641d5278eb44c86143f06e3b07307d62189a0c | pdf-font-stream | PDF embedded font (sfnt) at offset 0xEE81 | 5932 bytes |
| font_01_sfnt_off00010294.bin a67073463e8c74523a721921e487861d58ce1a593991ba2cdd59f7da71900c7c | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10294 | 10684 bytes |