MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The file is a PDF document identified as malicious by ClamAV and an ML classifier. It contains an embedded URI pointing to a suspicious domain, 'maypoin.ru', which is likely part of a phishing or malware distribution scheme. The document body, though heavily obfuscated, contains text that appears to be a lure related to 'Brothers Karamazov'. No scripts were extracted, but the presence of external URLs and the overall malicious verdict strongly suggest an attempt to redirect the user to a malicious site.
Machine Learning
- Nyx PDF Classifier malicious score 0.9510
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI (info, PDF_URI): PDF contains an external URL action
- PDF differential parser failed (info, PDF_DIFFERENTIAL_PARSE_FAILED): The cross-check parser (pdfminer.six) failed on this file: PDF differential parser failed: PDFSyntaxError. Static heuristics still ran and any of their findings above are valid; only the differential cross-check signal is missing.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://maypoin.ru/award?keyword=brothers+karamazov+avsey+pdf
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000f79c.bin e103b8dbf2d3968c9abe89b96cb3f370987a01e7af39663330fdf7f25c101ebe | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF79C | 5576 bytes |
| font_01_sfnt_off00010a7f.bin ce55aaf429394006ad891c684c251f81326cd7565c74bdc968887befba8dcaf5 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10A7F | 14760 bytes |