Verdict: MALICIOUS (risk score 96)

Malware Insights

MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
ClamAV (Pdf.Phishing.Trojan signature) and the Nyx PDF classifier (malicious score 0.6633) both flag the file as malicious. The actionable indicator is the external URI reached through a link annotation, https://botokaw.ru/strik?utm_term=d%2526d+5th+edition+kobold+race, which the analyzer assesses as likely leading to a phishing or malware distribution site. The PDF also defines at least one indirect object twice with differing bodies, a shape that can be used to show different content to first-wins and last-wins parsers; here the heuristic fired at info severity only, which is consistent with an ordinary incremental update rather than confirmed parser confusion. Of the URLs found in document text, most are font licence and XMP namespace strings (gnu.org, scripts.sil.org, ns.adobe.com, purl.org) of the kind carried in embedded font metadata and are not indicators; the cluster of .pdf links on free hosting (filesusr.com, strikinglycdn.com, s3.amazonaws.com, mywebcommunity.org, sportsontheweb.net) is the part worth pivoting on alongside the primary URI.
Machine Learning
- Nyx PDF Classifier malicious score 0.6633
Heuristics (4)

- ClamAV (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - https://botokaw.ru/strik?utm_term=d%2526d+5th+edition+kobold+race (PDF link annotation)
  - http://worameruvejaka.mywebcommunity.org/vosixumopurivu.pdf (in PDF document text)
  - http://nesarose.sportsontheweb.net/mexazuladeg.pdf (in PDF document text)
  - http://dorulezebum.sportsontheweb.net/folunulovim.pdf (in PDF document text)
  - http://www.opentle.org (in PDF document text)
  - http://fedorahosted.org/lohit (in PDF document text)
  - http://www.ascendercorp.com/ (in PDF document text)
  - http://www.ascendercorp.com/typedesigners.html (in PDF document text)
  - http://smc.org.in)MeeraRegularMeera2016SMC7.0.0+20171102Hussain (in PDF document text; trailing font-name bytes captured by the extractor)
  - http://smc.org.inhttp://smc.org.in (in PDF document text; two adjacent strings captured as one)
  - http://www.daltonmaag.com/ (in PDF document text)
  - http://www.indictrans.org (in PDF document text)
  - https://s3.amazonaws.com/jiwisigetizoxif/beat_shazam_season_2_episode_guide.pdf (in PDF document text)
  - https://eb62986f-0112-409a-9ebe-777412bc5c19.filesusr.com/ugd/26938b_692446b0ffa140d1b37d8784b0a036dd.pdf?index=true (in PDF document text)
  - https://s3.amazonaws.com/mozirolinitaje/sabijotuleganumawagew.pdf (in PDF document text)
  - https://uploads.strikinglycdn.com/files/420a93dd-f18c-4ee8-b3a0-69bd325ab650/combining_like_terms_calculator.pdf (in PDF document text)
  - https://16fd3b15-5541-4454-9538-28daacbf497e.filesusr.com/ugd/e32576_801587e34f5547a9bf289ba4c37252f3.pdf?index=true (in PDF document text)
  - https://c183b790-cb34-49aa-848e-1a9f2b14dda3.filesusr.com/ugd/d8966e_8e09aaf7b2bd4eebbedc6d3cc89b81af.pdf?index=true (in PDF document text)
  - https://uploads.strikinglycdn.com/files/b0fbca5f-5bb8-4791-a263-38b6bfcebeed/wizedavebagikimikob.pdf (in PDF document text)
  - http://xowuzaxu.onlinewebshop.net/geometrical_optics_for_iit_jee.pdf (in PDF document text)
  - https://s3.amazonaws.com/zepifudoxapo/19626924200.pdf (in PDF document text)
  - https://uploads.strikinglycdn.com/files/5c72fb48-7bb2-4c59-adb9-30c7b500ce35/excel_2013_free_download_windows_7.pdf (in PDF document text)
  - http://vawinujofupin.myartsonline.com/ninojiz.pdf (in PDF document text)
  - https://4f7f339c-9ee9-4921-a7ad-794169edd555.filesusr.com/ugd/fea72b_87ecac23d455450c873caaad28bd873d.pdf?index=true (in PDF document text)
  - https://s3.amazonaws.com/jutenojamega/85046209953.pdf (in PDF document text)
  - https://0adc25b5-51aa-4063-b16a-1f2a012ffc82.filesusr.com/ugd/23a6c3_8f3751fe997a4bedb990a0278a2c8316.pdf?index=true (in PDF document text)
  - https://s3.amazonaws.com/litunux/butter_chicken_recipe_video_in_hd.pdf (in PDF document text)
  - https://s3.amazonaws.com/wolina/23201158978.pdf (in PDF document text)
  - https://uploads.strikinglycdn.com/files/51c0b0e4-49bf-4e3f-ae21-fe36df6ab7be/food_safety_modernization_act_produce_safety_rule.pdf (in PDF document text)
  - https://s3.amazonaws.com/vebogotexaf/36832225819.pdf (in PDF document text)
  - https://s3.amazonaws.com/dutimajizowa/stainless_steel_sheet_18_gauge.pdf (in PDF document text)
  - https://s3.amazonaws.com/wexoteluwag/csec_english_b_syllabus_2018.pdf (in PDF document text)
  - http://www.w3.org/1999/02/22-rdf-syntax-ns# (in PDF document text)
  - http://purl.org/dc/elements/1.1/ (in PDF document text)
  - http://ns.adobe.com/pdf/1.3/ (in PDF document text)
  - http://ns.adobe.com/xap/1.0/ (in PDF document text)
  - http://ns.adobe.com/xap/1.0/mm/ (in PDF document text)
  - http://ns.adobe.com/xap/1.0/rights/ (in PDF document text)
  - http://dejavu.sourceforge.net (in PDF document text)
  - http://dejavu.sourceforge.net/wiki/index.php/License (in PDF document text)
  - http://www.gnu.org/licenses/gpl.html (in PDF document text)
  - http://scripts.sil.org/OFL (in PDF document text)
  - https://gitlab.com/smc/meera/blob/master/COPYING (in PDF document text)
  - http://www.geocities.com/mitra_anirban/hobbies.htmGNU (in PDF document text; trailing bytes captured by the extractor)
  - http://www.gnu.org/copyleft/gpl.htmRegular (in PDF document text; trailing bytes captured by the extractor)
  - http://sinhala.sourceforge.net/ (in PDF document text)
  - http://sinhala.cvs.sourceforge.net/viewvc/*checkout*/sinhala/sinhala/fonts/CREDITS (in PDF document text)
  - http://www.gnu.org/licenses/gpl-2.0.html (in PDF document text)
  - http://www.gnu.org/licenses/lgpl.htmlRegularDanhHong (in PDF document text; trailing bytes captured by the extractor)
  - http://www.geocities.com/dnhhng (in PDF document text)
+4 more URL(s)
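The two structural heuristics above (PDF_URI and PDF_DUPLICATE_OBJ_BODY_INCREMENTAL) can be reproduced with a byte-level scan of the file. The following is an added example written for this page, not the analyzer's own code: it indexes every `N G obj ... endobj` definition, reports object numbers that are defined more than once with differing bodies, shows which body a first-wins and a last-wins reader would resolve, and pulls the `/URI` targets under each policy. The sample PDF is constructed inline (xref tables omitted because the scanner does not use them), and the `ACTIVE_KEYS` list is an assumption about which dictionary keys count as "active content" for the severity rule; the report does not publish the analyzer's own list.

```python
import re
from collections import defaultdict

# "N G obj ... endobj", DOTALL so stream bodies are included. The match is
# non-greedy, so a stream that happens to contain the bytes "endobj" would be
# cut short; a real parser should honour /Length instead of keyword scanning.
OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)endobj", re.DOTALL)
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")
# Assumed definition of "active content" for escalation (coarse substring test).
ACTIVE_KEYS = (b"/JS", b"/JavaScript", b"/Launch", b"/OpenAction",
               b"/AA", b"/URI", b"/SubmitForm")


def index_objects(pdf: bytes):
    """Map (num, gen) -> list of (offset, body) in file order."""
    objs = defaultdict(list)
    for m in OBJ_RE.finditer(pdf):
        key = (int(m.group(1)), int(m.group(2)))
        objs[key].append((m.start(), m.group(3).strip()))
    return objs


def duplicate_bodies(objs):
    """Objects defined more than once with differing bodies, with the body a
    first-wins and a last-wins reader would use and an active-content flag."""
    findings = []
    for key, defs in sorted(objs.items()):
        bodies = [b for _, b in defs]
        if len(defs) > 1 and len(set(bodies)) > 1:
            findings.append({
                "obj": key,
                "definitions": len(defs),
                "first_wins": bodies[0],
                "last_wins": bodies[-1],
                "active": any(k in b for b in bodies for k in ACTIVE_KEYS),
            })
    return findings


def severity(finding):
    """Mirror the report's rule: body-only differences stay at info,
    escalate only when a duplicate carries active content."""
    return "suspicious" if finding["active"] else "info"


def uri_targets(objs, policy="last"):
    """/URI strings a reader would act on under the given resolution policy."""
    pick = (lambda d: d[-1]) if policy == "last" else (lambda d: d[0])
    out = []
    for key, defs in sorted(objs.items()):
        _, body = pick(defs)
        out.extend((key, m.group(1).decode("latin-1"))
                   for m in URI_RE.finditer(body))
    return out


# Constructed sample: one page with a link annotation, followed by an
# incremental update that redefines object 3 (harmless /Rotate added) and
# object 4 (the link target changes). Not taken from the analyzed file.
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
    b"2 0 obj\n<< /Type /Pages /Kids [3 0 R] /Count 1 >>\nendobj\n"
    b"3 0 obj\n<< /Type /Page /Parent 2 0 R /Annots [4 0 R] >>\nendobj\n"
    b"4 0 obj\n<< /Type /Annot /Subtype /Link /Rect [0 0 100 20]"
    b" /A << /S /URI /URI (https://example.org/benign) >> >>\nendobj\n"
    b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"
    # incremental update section
    b"3 0 obj\n<< /Type /Page /Parent 2 0 R /Annots [4 0 R] /Rotate 0 >>\nendobj\n"
    b"4 0 obj\n<< /Type /Annot /Subtype /Link /Rect [0 0 100 20]"
    b" /A << /S /URI /URI (https://bad.example/landing) >> >>\nendobj\n"
    b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"
)

if __name__ == "__main__":
    objs = index_objects(SAMPLE_PDF)
    for f in duplicate_bodies(objs):
        print(f"{f['obj'][0]} {f['obj'][1]} obj defined {f['definitions']}x "
              f"with differing bodies [{severity(f)}]")
    print("first-wins URIs:", uri_targets(objs, "first"))
    print("last-wins URIs: ", uri_targets(objs, "last"))
```

Run against the constructed sample, object 3 is reported at info (a benign incremental change) while object 4 is escalated because its body carries a `/URI` action, and the two resolution policies return different link targets, which is exactly the first-wins versus last-wins divergence the heuristic describes. Against a real sample, compare the `/URI` each policy yields with the link-annotation URL in the report to see whether any reader would be steered to a different destination.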
Extracted artifacts (19)

Files carved from inside the sample during analysis.

| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| stream_010_off0002312b.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x2312B | 19512 bytes | 520da1275a78093f004f47c058cc57bb35a140e51949440429da94ffbe0dd36c |
| font_00_sfnt_off00010f0e.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10F0E | 6148 bytes | 4910d0177da9f60ecc92c13a34fae8c5c38ffafb9e4e22a3c3fd987548b79157 |
| font_01_sfnt_off00011ef0.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x11EF0 | 3612 bytes | e6a127d4807db9283a7accf384a78a2b0e3b5516854c6cc3c0883f933369f6f8 |
| font_02_sfnt_off00012d06.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x12D06 | 18496 bytes | 787882336207a4c89132afc63a38529ed206e6065b99df758759aaec87291d4d |
| font_03_sfnt_off000162cc.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x162CC | 3484 bytes | b6bc3e761eca8ae26333d0367913862b9788f7109bed8a3dd2635371d897bba1 |
| font_04_sfnt_off00016e37.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x16E37 | 2604 bytes | 7f3a1ef136f36ba68bc36e5bcd31de243dce7f4b60e01c4bc40f508baeb48ca0 |
| font_05_sfnt_off00017949.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x17949 | 3048 bytes | 4bb619f7e4c8d10c6650d66271e6db770d7def95493d885be3efe54e7c100c22 |
| font_06_sfnt_off00018555.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x18555 | 2656 bytes | c206ac4eca120f096112d408dff6b33a2f721090936d80486df636e1cd240fde |
| font_07_sfnt_off00019035.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x19035 | 60232 bytes | d8bc6e1cd31c0b3d783fbba366501426e78e29ffe39b3b547f56c9eadd5dcec5 |
| font_09_sfnt_off000252d2.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x252D2 | 4324 bytes | 0d0f64e27578eb124b8bc81c7eceacdd166e22eddd95c81328e9fbd7de2a6333 |
| font_10_sfnt_off000260d7.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x260D7 | 4140 bytes | fbdd9df555c8710fa493947bde41d1b30e4b750f457ece442df516a7dd53c510 |
| font_11_sfnt_off00026dc6.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x26DC6 | 3840 bytes | cca5298ad2e89ab0d41cc63a8205340d9321530172a8d5dda1c28d17fa56adaa |
| font_12_sfnt_off00027bd8.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x27BD8 | 4544 bytes | 8de763cc392d555d6555ce28e49a7801ce7361977d5c0c1f0cca23967a7df2d1 |
| font_13_sfnt_off000289ea.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x289EA | 2108 bytes | e66bd646ff29f48b94a898642357a1d5295b77faffa0bd70eb77acb4aebc9a97 |
| font_14_sfnt_off000293c9.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x293C9 | 4336 bytes | 87016e8933cc862d1d188edfbee698abcff8178ed3d6b510b61737ee02f60284 |
| font_15_sfnt_off0002a173.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x2A173 | 4216 bytes | f2ee77ef46d574326e15e5d832115933ac9a59561f08735e614fb36f91e87993 |
| font_16_sfnt_off0002af2f.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x2AF2F | 7916 bytes | e679725072c74ab1de830ba6dd25101ec2f6d7be962e72d99a133184e56e62d0 |
| font_17_sfnt_off0002c3c4.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x2C3C4 | 2328 bytes | 3702365b3034b9d7945da23b991b5e2ac3f8bb06d1ba3be7e5ba1b5d8dd48c9f |
| font_18_sfnt_off0002ce80.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x2CE80 | 1828 bytes | 93be6ffae20bc6daf2b9cedd8b6106235c1054a6214cc2a290c9def1cb5833a8 |