Risk Score: 96 (MALICIOUS)
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The file was flagged as malicious both by the ML classifier and by a ClamAV signature, so the verdict rests on two independent detections. It contains multiple embedded URLs; the most prominent is 'https://nipisod.ru/123?utm_term=shuttle+badminton+game+free'. The document body is heavily garbled, but the query string suggests a 'shuttle badminton game free' lure, likely a pretext to send the reader to that URL. The other extracted URLs follow the same pattern: keyword-stuffed .pdf filenames on free or bulk hosting (strikinglycdn, s3.amazonaws.com, epizy.com, rf.gd), consistent with a mass-produced lure-document campaign. No script objects were extracted, so the T1059.007 JavaScript mapping above is not confirmed by the extracted content; the external URI action nonetheless points to phishing or malware distribution through a link click rather than embedded code.
Machine Learning
- Nyx PDF Classifier malicious score 0.9996
Heuristics (4)
- ClamAV detection (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI (info, PDF_URI): the PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): the same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): one or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. The w3.org, purl.org and ns.adobe.com entries at the end of the list are XMP metadata namespace identifiers and scripts.sil.org/OFL is the embedded font's licence URL; all of these are normal in a PDF and are not navigational links.

Extracted URLs:
- https://nipisod.ru/123?utm_term=shuttle+badminton+game+free
- http://katermore.ru/edenpure_heaters_manualsm5meo.pdf
- http://xtina.online/word_doc_flowchart_templateiegt3.pdf
- http://clubstore.pro/volivopapasilhkhi.pdf
- http://bluebadgeapproval.com/walmart_near_me_hours_pharmacyjb10e.pdf
- http://titonigofitazi.iblogger.org/pdf_editor_to_word_converter_free_download.pdf
- http://dehydratedoriginalgoodness.com/dunkin_secret_drink_menuyso16.pdf
- http://salestore.pro/46060805065pi95l.pdf
- http://help-nanny.site/videos_comicos_y_cortospv9nr.pdf
- http://appeal-ig.com/boredadolubonunesufusil02rss.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://uploads.strikinglycdn.com/files/23a90240-5a56-4d94-ad7e-0eb36658580c/vupuwe.pdf
- https://uploads.strikinglycdn.com/files/99a5cabc-9bbc-4153-91f3-2c70129f5b4e/84727344368.pdf
- http://kugexuluke.epizy.com/36411898636.pdf
- https://s3.amazonaws.com/tikofaketonub/anime_wallpaper_app.pdf
- https://s3.amazonaws.com/lorugipopuxe/15748432356.pdf
- https://s3.amazonaws.com/divikufifir/narefefawifevevuwixe.pdf
- https://uploads.strikinglycdn.com/files/3cf3732b-2cf2-42cb-a883-574172f15ee3/cambridge_latin_course_unit_1_stage_12_translations.pdf
- https://s3.amazonaws.com/tezofuretejom/walgreens_mini_temple_digital_thermometer_manual.pdf
- https://s3.amazonaws.com/bulozor/how_do_you_prove_you_are_judgement_proof.pdf
- http://gigogapa.epizy.com/format_cdr_file.pdf
- https://s3.amazonaws.com/lekelepowo/tor_browser_cracked_apk.pdf
- http://zuxorijafofonal.rf.gd/gixop.pdf
- https://s3.amazonaws.com/fexuror/46929809664.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
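The duplicate-object and external-URI heuristics above, re-implemented as an added example (this is not the analyzer's own code). The PDF bytes, object numbers and URLs inside it are constructed for the demonstration; only the heuristic names and the severity rule come from the report. The object walker is a regex over `N G obj ... endobj`, which is enough for unencrypted PDFs that do not pack objects into object streams, and it deliberately ignores the xref tables so that every definition, including ones appended by incremental updates, is seen.

```python
"""Re-implement two of the report's PDF heuristics on raw bytes.

Added example, not the analyzer's own code: a regex object walker (enough
for unencrypted PDFs without object streams) that flags object numbers
defined twice with differing bodies, raises severity only when the duplicate
carries active content, and shows how first-wins and last-wins readers
resolve different /URI targets.
"""
import re
from typing import Dict, List, Tuple

ObjKey = Tuple[int, int]  # (object number, generation)

OBJ_RE = re.compile(rb"^\s*(\d+)\s+(\d+)\s+obj\b(.*?)^\s*endobj\b", re.M | re.S)
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)", re.S)  # literal strings only
ACTIVE_RE = re.compile(
    rb"/(JS|JavaScript|Launch|URI|SubmitForm|GoToR|OpenAction|AA|EmbeddedFile|RichMedia)\b"
)

# Constructed sample (not the analysed file): a tiny PDF plus one incremental
# update that re-saves object 3 with a harmless extra key and object 4, the
# link annotation, with a different /URI. xref tables are omitted on purpose:
# the heuristic deliberately ignores them and looks at every definition.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj
<< /Type /Catalog /Pages 2 0 R >>
endobj
2 0 obj
<< /Type /Pages /Kids [3 0 R] /Count 1 >>
endobj
3 0 obj
<< /Type /Page /Parent 2 0 R /Annots [4 0 R] >>
endobj
4 0 obj
<< /Type /Annot /Subtype /Link /A << /S /URI /URI (https://example.org/benign) >> >>
endobj
trailer
<< /Root 1 0 R >>
%%EOF
3 0 obj
<< /Type /Page /Parent 2 0 R /Annots [4 0 R] /Rotate 0 >>
endobj
4 0 obj
<< /Type /Annot /Subtype /Link /A << /S /URI /URI (https://attacker.invalid/lure) >> >>
endobj
trailer
<< /Root 1 0 R /Prev 9 >>
%%EOF
"""


def iter_objects(data: bytes) -> List[Tuple[ObjKey, bytes]]:
    """Every 'N G obj ... endobj' in file order, repeats included."""
    return [((int(m.group(1)), int(m.group(2))), m.group(3).strip())
            for m in OBJ_RE.finditer(data)]


def find_duplicate_objects(data: bytes) -> Dict[ObjKey, dict]:
    """Describe each (num, gen) that is defined more than once."""
    seen: Dict[ObjKey, List[bytes]] = {}
    for key, body in iter_objects(data):
        seen.setdefault(key, []).append(body)
    report = {}
    for key, bodies in seen.items():
        if len(bodies) < 2:
            continue
        differs = len(set(bodies)) > 1
        active = any(ACTIVE_RE.search(b) for b in bodies)
        report[key] = {
            "definitions": len(bodies),
            "bodies_differ": differs,
            "carries_active_content": active,
            # Same severity rule as the report: body-only differences are
            # common in benign incremental saves, so only active content raises.
            "severity": "high" if differs and active else "info",
            "first_wins": bodies[0],
            "last_wins": bodies[-1],
        }
    return report


def extract_uri_actions(data: bytes, resolution: str = "last") -> List[str]:
    """/URI targets as a first-wins or last-wins reader would resolve them."""
    chosen: Dict[ObjKey, bytes] = {}
    for key, body in iter_objects(data):
        if resolution == "last" or key not in chosen:
            chosen[key] = body
    return [m.group(1).decode("latin-1")
            for body in chosen.values() for m in URI_RE.finditer(body)]


if __name__ == "__main__":
    for key, info in sorted(find_duplicate_objects(SAMPLE_PDF).items()):
        print("obj %d %d: %d definitions, severity %s"
              % (key[0], key[1], info["definitions"], info["severity"]))
    print("first-wins URIs:", extract_uri_actions(SAMPLE_PDF, "first"))
    print("last-wins URIs: ", extract_uri_actions(SAMPLE_PDF, "last"))
```

Run against the constructed sample, object 3 is reported at `info` (the bodies differ, but only by a `/Rotate` key) while object 4 is raised to `high` because its duplicate carries a `/URI` action, and the two resolution policies return different targets, which is exactly the reader disagreement the heuristic is about. On a real sample, swap `SAMPLE_PDF` for the file's bytes and expect the regex walker to miss objects held in compressed object streams.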
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | SHA-256 | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off0000eb1f.bin | 4bd94b3e029f656ddbaf7a938bc1a1980904463be19aecf7111662f3c4577564 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xEB1F | 5384 bytes |
| font_01_sfnt_off0000fd48.bin | e95dfe99cd995dff21d8dae2e6e73b0deb3fb183de3ecb3126db0716dcbdc1e3 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFD48 | 10744 bytes |
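An added carver (not the analyzer's own code) showing how rows like the two above are produced: locate an sfnt header, validate the table directory so that chance byte matches are rejected, size the font from its table records, and name the hit by its offset. The sample PDF and the two fonts inside it are constructed for the demonstration, and the `font_NN_sfnt_offXXXXXXXX.bin` naming only mirrors the report's scheme; the offsets, sizes and hashes of the real artifacts are not reproduced here.

```python
"""Carve embedded sfnt (TrueType/OpenType) fonts out of a PDF.

Added example, not the analyzer's own carver: find an sfnt header, validate
the table directory so chance byte matches are rejected, size the font from
its table records, and name each hit by offset the way the report does.
Font streams are usually /FlateDecode-compressed, so inflated stream bodies
are scanned as well as the raw file.
"""
import hashlib
import re
import struct
import zlib
from typing import Dict, Iterator, List, Tuple

SFNT_MAGICS = (b"\x00\x01\x00\x00", b"OTTO", b"true")
STREAM_RE = re.compile(rb"(?<!end)stream\r?\n(.*?)\nendstream", re.S)

def sfnt_extent(buf: bytes, off: int) -> int:
    """Byte length of a plausible sfnt at buf[off], or 0 if it fails validation."""
    if buf[off:off + 4] not in SFNT_MAGICS or len(buf) < off + 12:
        return 0
    num_tables = struct.unpack(">H", buf[off + 4:off + 6])[0]
    if not 1 <= num_tables <= 64:  # real fonts have a few dozen tables at most
        return 0
    end = dir_end = off + 12 + 16 * num_tables
    if dir_end > len(buf):
        return 0
    for i in range(num_tables):
        rec = buf[off + 12 + 16 * i:off + 28 + 16 * i]
        tag, _checksum, t_off, t_len = struct.unpack(">4sIII", rec)
        if not all(0x20 <= c < 0x7F for c in tag):  # tags are printable ASCII
            return 0
        if t_off < 12 or off + t_off + t_len > len(buf):
            return 0
        end = max(end, off + t_off + t_len)
    # Tables are 4-byte padded; round up, but never past the buffer.
    return min(len(buf) - off, (end - off + 3) & ~3)

def candidate_buffers(data: bytes) -> Iterator[Tuple[str, bytes]]:
    """Yield the raw file, then the inflated body of every /FlateDecode stream."""
    yield "raw", data
    for m in STREAM_RE.finditer(data):
        dict_start = data.rfind(b"obj", 0, m.start())  # back to the stream's own object
        if b"/FlateDecode" not in data[max(dict_start, 0):m.start()]:
            continue
        try:
            yield "stream@0x%X" % m.start(1), zlib.decompressobj().decompress(m.group(1))
        except zlib.error:
            continue  # corrupt or truncated stream: skip rather than abort

def carve_fonts(data: bytes) -> List[Dict[str, object]]:
    """One record per validated sfnt, in discovery order."""
    found: List[Dict[str, object]] = []
    for label, buf in candidate_buffers(data):
        pos = 0
        while True:
            hits = [h for h in (buf.find(magic, pos) for magic in SFNT_MAGICS) if h != -1]
            if not hits:
                break
            off = min(hits)
            size = sfnt_extent(buf, off)
            if not size:
                pos = off + 1  # magic bytes but no valid directory behind them
                continue
            blob = buf[off:off + size]
            found.append({
                "name": "font_%02d_sfnt_off%08x.bin" % (len(found), off),
                "source": label, "offset": off, "size": size,
                "sha256": hashlib.sha256(blob).hexdigest(), "data": blob,
            })
            pos = off + size
    return found

def build_sfnt(tables: Dict[bytes, bytes]) -> bytes:
    """Assemble a minimal sfnt from {tag: payload} (constructed test data:
    checksums are left at zero, which a real font would not do)."""
    n = len(tables)
    header = bytearray(struct.pack(">4sHHHH", b"\x00\x01\x00\x00", n, 0, 0, 0))
    body = bytearray()
    for tag, payload in tables.items():
        header += struct.pack(">4sIII", tag, 0, 12 + 16 * n + len(body), len(payload))
        body += payload + b"\0" * (-len(payload) % 4)
    return bytes(header + body)

# Constructed sample (not the analysed file): one font stored raw, one inside a
# /FlateDecode stream, wrapped in just enough PDF syntax for the scanner.
FONT_A = build_sfnt({b"head": b"A" * 54, b"name": b"B" * 10})
FONT_B = build_sfnt({b"OS/2": b"C" * 20, b"cmap": b"D" * 7, b"glyf": b"E" * 33})
DEFLATED_B = zlib.compress(FONT_B)
SAMPLE_PDF = (
    b"%%PDF-1.4\n5 0 obj\n<< /Length %d >>\nstream\n" % len(FONT_A) + FONT_A
    + b"\nendstream\nendobj\n6 0 obj\n<< /Length %d /Filter /FlateDecode >>\nstream\n"
    % len(DEFLATED_B) + DEFLATED_B + b"\nendstream\nendobj\n%%EOF\n"
)
```

The validation step matters more than the magic search: `\x00\x01\x00\x00` and `true` occur by chance in binary data, so a hit only counts when the table directory behind it has a sane table count, printable tags and in-bounds table extents. Fonts carved from an inflated stream are reported with the stream's file offset plus the offset inside the inflated body, since the raw-file offset of compressed content is meaningless for the carved bytes.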