MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file contains an embedded URL that, when clicked, directs the user to a suspicious domain associated with a 'verizon stream tv remote setup' keyword. This strongly suggests a phishing attempt to trick users into visiting a malicious site. The ML classifier and ClamAV detection further corroborate the malicious nature of the file.
Machine Learning
- Nyx PDF Classifier malicious score 0.9999
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://pelibifir.ru/wb?keyword=verizon%20stream%20tv%20remote%20setup
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00010b83.bin c73c35057d92a22685b228924f90f6f1b32e36d44a60d257bd298635c7eba747 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10B83 | 5008 bytes |
| font_01_sfnt_off00011c86.bin e84f375440dfd19052e1ab8445deea8e4f698b641a113e949adab60452a97c9a | pdf-font-stream | PDF embedded font (sfnt) at offset 0x11C86 | 10904 bytes |