MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file contains an embedded URI pointing to a suspicious domain, 'jottigo.ru', which is flagged as malicious by heuristics. The ML classifier and ClamAV also identified this PDF as malicious, suggesting it's part of a phishing or malware distribution scheme. Although no explicit script was found, the presence of the malicious URL strongly indicates an attempt to redirect the user to a harmful site.
Machine Learning
- Nyx PDF Classifier malicious score 0.8488
Heuristics (4)
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action.
- PDF differential parser failed (info, PDF_DIFFERENTIAL_PARSE_FAILED): The cross-check parser (pdfminer.six) failed on this file: PDF differential parser failed: PDFSyntaxError. Static heuristics still ran and any of their findings above are valid; only the differential cross-check signal is missing.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://jottigo.ru/award?keyword=angelus+silesius+libros+pdf
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000f7cf.bin b6e022022eedaf1c540686d9cbd505f25e3bda70c0f4273ca3aa8c36abc69978 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF7CF | 5128 bytes |
| font_01_sfnt_off00010950.bin 1041dbadf75dcbc257f270b86f917a7732c539a5331149109d5eeeacbdf6cf28 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10950 | 12572 bytes |