MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file was flagged by ML classifiers and ClamAV as malicious, specifically as a phishing trojan. It contains an embedded URL pointing to a suspicious domain, likely intended to deliver a malicious payload or phish for credentials. The document body, though heavily obfuscated, appears to reference a 'Highland classic basketball tournament', suggesting a lure to entice users to click the malicious link.
Machine Learning
- Nyx PDF Classifier malicious score 0.9997
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL https://jumiwimov.ru/wix?keyword=highland+classic+basketball+tournament
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000d673.bin a0378809d263cea65f9a99cec9acadfaccf277477e931fbfd04db83bccec09ed | pdf-font-stream | PDF embedded font (sfnt) at offset 0xD673 | 5516 bytes |
| font_01_sfnt_off0000e90a.bin 8ccc2de954ce76eeaa24f7b394e938be4d848ed2d18cf13f9fd065019e5615de | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE90A | 10656 bytes |