Risk Score: 96 (MALICIOUS)
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
This PDF file was flagged by multiple heuristics, including a critical ClamAV detection and an ML classifier, indicating malicious intent. The presence of embedded URLs, specifically 'https://lozipotod.ru/strik?utm_term=las+batallas+en+el+desierto+resumen+capitulo+3', suggests a phishing or redirection attempt. Although no scripts were explicitly extracted, the PDF structure and embedded URLs point towards a social engineering attack, likely aiming to trick the user into visiting a malicious site.
Machine Learning
- Nyx PDF Classifier: malicious score 0.9998
Heuristics (4)
- ClamAV detection (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://lozipotod.ru/strik?utm_term=las+batallas+en+el+desierto+resumen+capitulo+3
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0001158e.bin (5c0e0872643bee1d9098b7dd123524c3ac44393ff9af1993fe9d10a921c67721) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1158E | 5464 bytes |
| font_01_sfnt_off00012806.bin (6928df049c4058126fad82a3e0c0f789b46c5d34f25e3636e225359e8689b9d4) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x12806 | 12284 bytes |