MALICIOUS
96
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF contains an embedded URL that directs users to a suspicious domain, likely for phishing or malware distribution. ClamAV and ML classifiers strongly indicate malicious intent, classifying it as a phishing trojan. The document body, though heavily obfuscated, suggests a lure related to 'Apache spark tutorial pdf'.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://mezovuduw.ru/award?keyword=apache+spark+tutorial+pdf
- https://cdn-cms.f-static.net/uploads/4369168/normal_5fd7d296ee9d9.pdf
- https://cdn-cms.f-static.net/uploads/4376379/normal_6041e44a4b6bb.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://uploads.strikinglycdn.com/files/7cae0d9e-d96c-4087-b823-e35f139859aa/doraemon_movie_stand_by_me_2_trailer.pdf
- https://s3.amazonaws.com/bokofapig/wordpress_blog_themes_free_responsive.pdf
- https://s3.amazonaws.com/zozofufulolig/27507969357.pdf
- https://uploads.strikinglycdn.com/files/7d313a25-1310-4869-9b32-5e142d71ea5d/2331319447.pdf
- https://s3.amazonaws.com/warapagefasovi/amu_b_tech_online_form_2019.pdf
- https://uploads.strikinglycdn.com/files/c2b6861c-769b-4282-b756-774bdf00dfcf/jolesidesonet.pdf
- https://uploads.strikinglycdn.com/files/4c0638ba-9926-4790-8448-7af438e83f5b/41189642131.pdf
- https://uploads.strikinglycdn.com/files/e8881606-9b23-4dec-b77a-62efff9a2bd5/wolfgang_puck_mini_rice_cooker_manual.pdf
- https://s3.amazonaws.com/vabedafozo/how_do_i_enable_screen_mirroring_on_my_roku.pdf
- https://uploads.strikinglycdn.com/files/1e25e7a7-1078-4f3a-92ed-57eff1cfa9b8/vubuto.pdf
- https://s3.amazonaws.com/sivanira/15359006442.pdf
- https://s3.amazonaws.com/lanaladu/17832703456.pdf
- https://uploads.strikinglycdn.com/files/cd929413-f77d-4aa8-bf8c-87c60713d070/what_naturally_kills_parasites.pdf
- https://s3.amazonaws.com/numunenoji/39272094775.pdf
- https://s3.amazonaws.com/wajufifenoxuj/ginagikuzururonitub.pdf
- https://uploads.strikinglycdn.com/files/f91c9617-7f73-4172-acfd-61a73e393f33/tixomazitujugogik.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000101cd.bina669bc1af61d7fb4fd28f42295b831410e6e1e4de18efabcff5b4d62ab16f56b |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x101CD | 5296 bytes |
font_01_sfnt_off000113c3.bin95cce1ead5e97ef1020762fe1da29c51cc58f8d1302fc46b0e06ea78a9f7f376 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x113C3 | 12468 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.