Verdict: MALICIOUS
Risk Score: 66
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The file is a PDF that contains an embedded URL pointing to a phishing site. The ClamAV heuristic also identified it as a phishing trojan. While no scripts were explicitly extracted, the PDF structure and embedded URI suggest an attempt to redirect the user to a malicious domain for credential harvesting or malware delivery.
Machine Learning
- Nyx PDF Classifier suspicious score 0.4775
Heuristics (4)
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 | critical | CLAMAV_DETECTION: ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI | info | PDF_URI: PDF contains an external URL action.
- Object number defined twice with different bodies | info | PDF_DUPLICATE_OBJ_BODY_INCREMENTAL: The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL | info | EMBEDDED_URL: One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0010020c.bin (hash b4f4cced0cf3b9281fa611a31335c913137a6991f02714ac3a6b86fbd55071a4) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10020C | 5388 bytes |
| font_01_sfnt_off0010145a.bin (hash c33a3542aaa336d23151e8e60af0ec39b13dffc137ee8253def4127216c21302) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10145A | 11992 bytes |