MALICIOUS
96
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file was flagged by a machine learning classifier and ClamAV as malicious, indicating a phishing attempt. It contains an embedded URI pointing to a suspicious domain, likely intended to redirect the user to a malicious site. The document body, though heavily obfuscated, suggests a lure related to product information.
Machine Learning
- Nyx PDF Classifier malicious score 0.9997
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ponafet.ru/123?utm_term=pedal+controlador+line+6+fbv+express+mkii+spider+verse
- https://puluzoxaxidu.weebly.com/uploads/1/3/2/6/132683087/gonowofevisakuzeru.pdf
- http://lamenomapod.iblogger.org/samsung_galaxy_s9_price_uk.pdf
- https://cdn.sqhk.co/numanazolov/CgiWnQB/motor_touring_matic_indonesia.pdf
- https://kujafuzepod.weebly.com/uploads/1/3/1/6/131637430/lokarabebotu.pdf
- http://nesebonuvobeju.getenjoyment.net/32952559850.pdf
- https://babinekisifuve.weebly.com/uploads/1/3/2/6/132696104/3451735.pdf
- https://memelixuluxowi.weebly.com/uploads/1/3/5/9/135958522/abc858.pdf
- https://cdn.sqhk.co/dubibuwa/ajbihcy/fidget_hand_spinner_game_speed.pdf
- http://legionmone.xyz/labirent_3_indir_trke_dublaj0atqt.pdf
- http://saudiautoinsurance.com/cute_cat_wallpaper_aestheticahzti.pdf
- http://lebizifijafaxim.medianewsonline.com/client_services_manager_job_description.pdf
- https://static.s123-cdn-static.com/uploads/4369333/normal_600043798f941.pdf
- https://cdn.sqhk.co/bivuwusim/cYAhejf/nufobamuzisexakolej.pdf
- http://wabitolukarile.22web.org/xodadulejizevusawifosada.pdf
- https://cdn.sqhk.co/zifeduwa/hWE5hc8/69988125370.pdf
- https://cdn.sqhk.co/xenivoronizu/gkkjjcO/tifip.pdf
- http://believes.space/50167848296c69dy.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- http://www.daltonmaag.com/
- http://jovebagubalolif.epizy.com/feliz_navidad_lyrics_in_english_only.pdf
- http://juludiripo.myartsonline.com/what_is_the_network_unlock_code_for_vodafone.pdf
- http://xufivutuxalug.rf.gd/huntington_bancshares_inc_annual_report_2018.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000d3a4.bin27d14cbdfd496e22b8085638d0a989bd451a7dae9d8561e6fb7fd2d785810b08 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xD3A4 | 5576 bytes |
font_01_sfnt_off0000e677.bin79407cc2f4f12ef8c250ae0b4d64c0cddb57e999bbce01b38f6a37e99ae02029 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xE677 | 11952 bytes |
font_02_sfnt_off00010e1f.bin7f6049e5011acf0e8581793f2bc2bb947aac2929fdb77abc318b2a6155c1ef71 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x10E1F | 4324 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.