MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The PDF file was flagged by a machine learning classifier and ClamAV as malicious, specifically identified as a phishing trojan. It contains an embedded URI pointing to a suspicious domain, which is likely part of a phishing or malware distribution scheme. The document body, though heavily obfuscated, appears to be a lure related to car values.
Machine Learning
- Nyx PDF Classifier malicious score 0.9991
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://pelibifir.ru/award?keyword=kelley+blue+book+for+car+values (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000e2be.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE2BE | 5212 bytes | da2a5258f30d2611bc6faa091bc2a6a9ec6dfb1ae32614dca6aefe7b08839211 |
| font_01_sfnt_off0000f49a.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF49A | 10560 bytes | f6d1b7823fde1965e609e66c558b252ac9a7f3c78f84e9da0ca6e8d0708868d6 |