MALICIOUS
96
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file was detected as malicious by ClamAV and an ML classifier, indicating a high likelihood of malicious intent. The embedded URI points to a suspicious domain, likely intended to host malicious content or phishing pages. The document body, though heavily obfuscated, suggests a lure related to 'Superman 8k wallpaper', aiming to trick users into visiting the external URL.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://botokaw.ru/123?utm_term=superman+8k+wallpaper
- https://static.s123-cdn-static.com/uploads/4426415/normal_5ff46e6fbe1be.pdf
- http://ludesajezopaju.medianewsonline.com/lonowibegajodexolazamil.pdf
- https://cdn-cms.f-static.net/uploads/4477147/normal_6012b13650873.pdf
- https://cdn-cms.f-static.net/uploads/4446638/normal_602b3e9213940.pdf
- https://cdn-cms.f-static.net/uploads/4374185/normal_602de95db484b.pdf
- https://cdn.sqhk.co/tisezalave/ieGhjia/tiktok_app_icon_pink.pdf
- http://netekepipavosis.sportsontheweb.net/nusida.pdf
- http://prolac.ru/74238083138gbu9v.pdf
- https://cdn.sqhk.co/ridijafugemi/hetbvLO/ameerah_slimeatory_videos.pdf
- https://static.s123-cdn-static.com/uploads/4378836/normal_5ff13553207c5.pdf
- http://5coupons.info/hamilton_beach_flexbrew_clean_cycletkvlk.pdf
- http://theharaka.online/vukokap5y2z.pdf
- https://cdn.sqhk.co/pafatewodoju/fgchc8o/pagige.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://60659a61-a27b-47ea-8eac-a81775c62269.filesusr.com/ugd/7a7fb1_df503b1ece5042bc8c15198acf76ee2e.pdf?index=true
- https://dd3528e8-ded0-4753-843e-0d3cb9f542e7.filesusr.com/ugd/4d6844_5f75132701024d059f441b513d22f6b6.pdf?index=true
- https://f7f2eb1f-4ce6-40bf-b337-6bcc2c9c1a95.filesusr.com/ugd/dc6899_d552dd0e851640c1a2250b8729ff7c8a.pdf?index=true
- https://c20a02f1-eded-46de-afbf-2d7328e03b26.filesusr.com/ugd/c6fd25_cbb451d09e5a408b8cb4b4da56eb57b0.pdf?index=true
- https://68358877-4ee6-4e53-94f7-4bd9665c1f53.filesusr.com/ugd/3bbd68_1bd1cd7d6aa2468ab665a0435a21d288.pdf?index=true
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000cb22.bin6363cc165694570004c160c63e25e72227e463a99170f0f4d42bcc58e47b8cc0 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xCB22 | 5240 bytes |
font_01_sfnt_off0000dcee.bin8853c8eb333663aa5e1c5db0c154000ead2eb8ba33490ab639a509aaac4e3e55 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xDCEE | 10136 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.