MALICIOUS
96
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF file was detected as malicious by ML classifiers and ClamAV, indicating a high likelihood of malicious intent. It contains an embedded URL pointing to a resource that is likely part of a phishing or malware distribution scheme. The document body, though heavily obfuscated, suggests a lure related to a 'Jeep cj7 factory service manual', which is a common tactic to entice users to download further malicious content.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://druttle.ru/wix?keyword=jeep+cj7+factory+service+manual
- http://salebox.shop/kekabe0mzvs.pdf
- https://rowozone.weebly.com/uploads/1/3/2/7/132740293/xevuroboluv.pdf
- https://cdn.sqhk.co/nasubivapu/COe6dia/nba_2k20_ratings_update_march.pdf
- https://sujezebaxoxil.weebly.com/uploads/1/3/4/3/134316131/4774325.pdf
- https://cdn.sqhk.co/vafodagusun/d7jaxji/sub_meter_reading_calculator.pdf
- http://cardioactiveitalia.site/cap_yeager_award_study_guideg6f5b.pdf
- https://gasezojilatinoj.weebly.com/uploads/1/3/1/4/131455825/ditaf_xudanutiremo_fasewexuwer.pdf
- https://cdn.sqhk.co/bubiwalifeda/g0EhiFI/valunusozezu.pdf
- https://fexalikinuzumow.weebly.com/uploads/1/3/5/3/135324316/nasuxonolule_niputukidaz_kopol_jakuw.pdf
- https://cdn.sqhk.co/rijomawonuj/hhdgfja/first_flight_english_book_class_10_solutions.pdf
- https://pojajowose.weebly.com/uploads/1/3/0/8/130813819/5964626.pdf
- https://cdn.sqhk.co/lezebulodiw/eggg2U5/telegram_stickers_meme_2020.pdf
- http://50offit.pro/pioneer_vsx_524_k_manual_espaolqrigm.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- http://www.daltonmaag.com/
- https://uploads.strikinglycdn.com/files/7db6b1ec-1059-4583-9ffc-52b3d490aa0f/samsung_un28h4500afxza_manual.pdf
- https://s3.amazonaws.com/minegikukovel/glencore_plc_annual_report.pdf
- https://uploads.strikinglycdn.com/files/5c39b37b-823a-49b6-be44-439543ee8b87/kowepudamajubinigikipeli.pdf
- https://s3.amazonaws.com/viregujipowuru/bio_101_lab_manual.pdf
- https://uploads.strikinglycdn.com/files/d2b4090d-13d3-40de-91f2-af1c0a660b4d/66556622212.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000df83.bin3238dd96a3ba1b70483b68c09624ca4f9b5bd631d0166d36ffd1bec3b49a8b36 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xDF83 | 5348 bytes |
font_01_sfnt_off0000f1b4.binee03cdbcf328a3b3529e63d2866b965690a8ae1c8fea0999bbee5a88895b2fd3 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xF1B4 | 10960 bytes |
font_02_sfnt_off0001172f.bin4fcfa7c68d76e23b667942a3ac892d2d5d88346478daafc61479ad4df4af3dd3 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x1172F | 4324 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.