Verdict: MALICIOUS
Risk Score: 96

Malware Insights

MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The file is identified as malicious by ML classifiers and ClamAV, with a critical heuristic firing for ClamAV detection. It contains an embedded URI pointing to a suspicious domain, 'botokaw.ru', which is likely used for phishing or to serve a malicious payload. The document body, though heavily obfuscated, appears to be a lure related to product reviews, consistent with phishing tactics.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics (4)
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI (info, PDF_URI): PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://botokaw.ru/strik?utm_term=halo+bassinest+swivel+sleeper+luxe+reviews
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Hash | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off00010868.bin | f820ebb13721479674a9015f4f1c128ad53aa5738a529a48d0a9a5b41efac2c3 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10868 | 5132 bytes |
| font_01_sfnt_off000119ff.bin | c8589b6e2363540e52815f8fb033deb4ddf97750b1bdcc0eed9be7d323a2f9db | pdf-font-stream | PDF embedded font (sfnt) at offset 0x119FF | 11356 bytes |