MALICIOUS
96
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The file was detected as malicious by ML classifiers and ClamAV, indicating a high likelihood of malicious intent. The PDF contains embedded URLs, one of which is flagged as potentially malicious, suggesting a phishing or credential harvesting attempt. No scripts were extracted, but the presence of embedded URLs and the overall detection score point towards a social engineering attack.
Machine Learning
- Nyx PDF Classifier malicious score 0.9994
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://feedproxy.google.com/~r/razvivatel/yapz/~3/-MXWpcYQ7kA/square?utm_term=how+to+convert+pdf+table+to+excel+spreadsheet
- https://static1.squarespace.com/static/60aac5994c6b1805bc4acbdb/t/60ec8e2ca1b53f2c225e75e2/1626115628923/gospel_piano_chords_for_beginners.pdf
- https://static1.squarespace.com/static/60bf6bff0d8d387fecc8b153/t/60ecb27882c35958e286b26a/1626124920253/pazelega.pdf
- https://static1.squarespace.com/static/60aac4dd19f082755c4e5c69/t/60e8e63692abcc18c4f2f16e/1625876022714/xugoros.pdf
- https://static1.squarespace.com/static/60aac4e0d5abe22cec5c4b22/t/60e8ee1d12fb7d0b2790e9f2/1625878045825/6_babies_born_at_once.pdf
- https://static1.squarespace.com/static/60bf6bff0d8d387fecc8b153/t/60ed006a4bcdcf6393f8ebd1/1626144874804/how_to_find_a_solution_set.pdf
- https://static1.squarespace.com/static/60bf6c89a2b0b938881bcf91/t/60ed0ca3f2de0a6ebf2ee131/1626148003493/unicorn_and_fairy_colouring_pages.pdf
- https://static1.squarespace.com/static/60aac4dd19f082755c4e5c69/t/60e8ea52cc7c0864592434a2/1625877074735/sadoterosowepe.pdf
- https://static1.squarespace.com/static/60aac4e0d5abe22cec5c4b22/t/60ecacebe7718717d765f996/1626123500050/ares_file_sharing.pdf
- https://static1.squarespace.com/static/60aac4e0d5abe22cec5c4b22/t/60e784b569e9d36975f4c56e/1625785525655/dogebilatavefilikol.pdf
- https://static1.squarespace.com/static/60aac59fb7e9621e2f466549/t/60ec8f079c874e714248904a/1626115848036/magento_nulled_extensions.pdf
- https://static1.squarespace.com/static/60aac52a97a1d73ddacfe14c/t/60ecbd44fbaa722a654ecce0/1626127684753/muzonon.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://dejavu.sourceforge.net
- http://dejavu.sourceforge.net/wiki/index.php/License
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000c5e8.binf40f9489b407e5bd48924a72ce9fa6fee55f3759a2a6b33403a5f6bf3f9f570a |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xC5E8 | 15848 bytes |
font_01_sfnt_off0000eebb.binb69ff4b65ab181b3e8a513c9489f437b417a116e84b71fc372edd6ad036d8f08 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xEEBB | 11012 bytes |
font_02_sfnt_off00010816.bin9d2294e344127da9ddc2b77d68b1576b6b78373885bc9da2859f180a98f2c1e1 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x10816 | 16792 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.