MALICIOUS
Risk Score: 94
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF contains an embedded URI pointing to a suspicious domain, likely intended to trick the user into downloading a malicious payload disguised as study material. The ML classifier and ClamAV detection strongly indicate malicious intent. While no scripts were explicitly extracted, the PDF structure and embedded URI suggest a phishing or malware distribution attempt.
Machine Learning
- Nyx PDF Classifier malicious score 0.8056
Heuristics 3
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://xezojetit.ru/award?keyword=agriculture+polytechnic+study+material+pdf (PDF link annotation)
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0005d2c3.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x5D2C3 | 22180 bytes | 00b522e8f13170569d2239cf8f150929722a57511e657ca31b439b726740237d |
| font_01_sfnt_off0006192a.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6192A | 1604 bytes | 2865e7baf948dad665c6444796ca384115bd4b2b4fd1fe86d29b5d3d3d6405bf |
| font_02_sfnt_off0006214d.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6214D | 5660 bytes | 4ca956791eff6c65dd5ec5671a0a95556b96ddf007697a1a58f405ab80b7856a |