MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file was detected as malicious by ML classifiers and ClamAV, indicating a phishing or trojan payload. The document body and embedded URLs suggest a lure to a malicious website, likely to download further malware. The primary malicious URL identified is https://druttle.ru/wix?keyword=365+bedtime+stories+and+rhymes+pdf.
Machine Learning
- Nyx PDF Classifier malicious score 0.9997
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI (info, PDF_URI): PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://druttle.ru/wix?keyword=365+bedtime+stories+and+rhymes+pdf
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000e1c7.bin 90f9cd56de96f71778951620fac1369e1aa1e256130b2d5c88c7d131c6af760a | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE1C7 | 5840 bytes |
| font_01_sfnt_off0000f57a.bin 6965ada1f36f6922b35d5022a1a7e08b96437c2c5c28dee5945a6c454aeb7cd8 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF57A | 11088 bytes |