Verdict: MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK:
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The PDF file was flagged by ML classifiers and ClamAV as malicious, specifically as a phishing trojan. It contains an embedded URL that appears to be a lure, directing users to a site related to 'hobo prison break passwords'. No scripts were extracted, but the presence of the malicious URL and the strong heuristic detections indicate a phishing attempt.
Machine Learning:
- Nyx PDF Classifier: malicious score 0.9996
Heuristics (4):
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://leonvi.ru/wix?keyword=hobo+prison+break+passwords
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | SHA-256 | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off0000ca74.bin | cee390d59c20add7103550e844a34343ce254e36b531d5ef1fa73a857e73e2cd | pdf-font-stream | PDF embedded font (sfnt) at offset 0xCA74 | 5180 bytes |
| font_01_sfnt_off0000dc2e.bin | 6b9abc3cab815741211d3f3e45f6f1e69b5dcf4f9d3734eb004234c442cf4824 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xDC2E | 10988 bytes |