MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file contains an embedded URI pointing to 'seumenha.ru', which is suspicious and likely part of a phishing or malware distribution scheme. The document body, though heavily obfuscated, suggests a lure related to 'psychology pdf'. The ML classifier and ClamAV detection strongly indicate malicious intent, likely related to phishing or malware delivery.
Machine Learning
- Nyx PDF Classifier malicious score 0.9910
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - https://seumenha.ru/award?keyword=define+psychology+pdf (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off00031c46.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x31C46 | 5212 bytes | 0c8a78558871022e6dc860b9fb49ecca205b2d99a540eaae1aeac7e3099257c9 |
| font_01_sfnt_off00032e1b.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x32E1B | 15520 bytes | 1abc53b38f51da232f5db38e5488d9c8f9af263ed42cda5fe85e3d64c643e74f |