Verdict: MALICIOUS (risk score 96)

Malware Insights

MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript (note: no JavaScript object or action appears among the heuristic findings below, so this mapping is not supported by the evidence listed on this page)
The file is flagged as malicious by the ML classifier (Nyx PDF score 0.9778) and by a ClamAV phishing signature, with a risk score of 96. Its link annotation carries a /URI action to 'baarspo.ru', the only URL in the file that a viewer would actually open on click, and that domain is the likely phishing or malware-distribution landing point. The file also defines one indirect object twice with different bodies, so first-wins and last-wins parsers resolve different content. The document text itself is padded with numerous other lure-style PDF links plus standard XMP and font-licence metadata, which may be intended to make the file pass as an ordinary document.
Machine Learning
- Nyx PDF Classifier: malicious score 0.9778
Heuristics (4)

- ClamAV detection [critical] CLAMAV_DETECTION: ClamAV detected this file as malware, signature Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI [info] PDF_URI: PDF contains an external URL action.
- Object number defined twice with different bodies [info] PDF_DUPLICATE_OBJ_BODY_INCREMENTAL: The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL [info] EMBEDDED_URL: One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - https://baarspo.ru/wix?keyword=super+skarmory+dead (PDF link annotation)
  - http://like-store.site/derivatives_of_inverse_trig_functions_proofghleg.pdf (in PDF document text)
  - http://korecos.ru/brasil_tv_new_apk_hack6kkeg.pdf (in PDF document text)
  - http://o-karte-kopilka.com/jack_reacher_book_series_in_chronological_orderagjbc.pdf (in PDF document text)
  - http://creditscorefix.info/canon_printer_pixma_mg3520_manualefqiy.pdf (in PDF document text)
  - http://medyayazilimtr.com/47376569725gmiea.pdf (in PDF document text)
  - http://kreativoblako.com/how_to_clean_braun_series_7_with_water91fq2.pdf (in PDF document text)
  - http://yblda.fun/rhinoceros_eugene_ionesco3p394.pdf (in PDF document text)
  - http://chambreop.xyz/spoken_english_course_near_megzqo4.pdf (in PDF document text)
  - http://winelorasagi.22web.org/kuforixunefuxunadax.pdf (in PDF document text)
  - http://blognews.top/weekender_bag_with_shoe_compartment_canadadsmg9.pdf (in PDF document text)
  - http://free-at.pro/477869759721ezz.pdf (in PDF document text)
  - http://www.ascendercorp.com/ (in PDF document text)
  - http://www.ascendercorp.com/typedesigners.html (in PDF document text)
  - https://s3.amazonaws.com/dalava/dodarazasabu.pdf (in PDF document text)
  - https://48e4e0df-78ce-4736-8797-27735e68dc67.filesusr.com/ugd/f3b179_72bcf3ab584943cfad60f1425fa2bedb.pdf?index=true (in PDF document text)
  - http://vaduxovogemuke.epizy.com/intra_abdominal_infection_guidelines.pdf (in PDF document text)
  - https://7e005a1c-fb68-43c1-af83-b854b6a2d282.filesusr.com/ugd/dcfb95_fdefdea18a5646a1b79b045b298b91c4.pdf?index=true (in PDF document text)
  - https://551f0ad2-75d1-4009-b90b-2f3e3e20230b.filesusr.com/ugd/c2bf0a_c65d4e4c95364a1b80193d105dcfe63b.pdf?index=true (in PDF document text)
  - https://78f121e6-5824-477f-9480-4bf23eba804c.filesusr.com/ugd/9564ad_ae2e08a9b3bb41669ff299c28ff583f0.pdf?index=true (in PDF document text)
  - https://1527c8d3-3321-4e9f-872f-e2bebb57bac2.filesusr.com/ugd/bf2d42_01b04c46caf14d58a26710434b1030bd.pdf?index=true (in PDF document text)
  - https://c0cead0d-5248-483d-940e-95cc3acd9bde.filesusr.com/ugd/20d83a_ff8265ed2b604a07bfea0184ba47b387.pdf?index=true (in PDF document text)
  - https://s3.amazonaws.com/tirimofufemukat/printable_fire_extinguisher_inspection_tags_template.pdf (in PDF document text)
  - https://645c32c3-7e99-4959-b93b-7980205539d7.filesusr.com/ugd/30a31c_936105f9fd8a4b708cee3426beab8572.pdf?index=true (in PDF document text)
  - https://s3.amazonaws.com/galinikagopit/bollywood_movies_2018_all.pdf (in PDF document text)
  - http://rusasawo.rf.gd/68502184549.pdf (in PDF document text)
  - http://www.w3.org/1999/02/22-rdf-syntax-ns# (in PDF document text)
  - http://purl.org/dc/elements/1.1/ (in PDF document text)
  - http://ns.adobe.com/pdf/1.3/ (in PDF document text)
  - http://ns.adobe.com/xap/1.0/ (in PDF document text)
  - http://ns.adobe.com/xap/1.0/mm/ (in PDF document text)
  - http://ns.adobe.com/xap/1.0/rights/ (in PDF document text)
  - http://scripts.sil.org/OFL (in PDF document text)
  - http://dejavu.sourceforge.net (in PDF document text)
  - http://dejavu.sourceforge.net/wiki/index.php/License (in PDF document text)

  Only the baarspo.ru URL is reached through a link annotation, i.e. it is the only one a click in a viewer would open. The other .pdf links in document text are not actionable from the page itself, and the w3.org, purl.org, ns.adobe.com, scripts.sil.org and dejavu.sourceforge.net entries are XMP namespace identifiers and font-licence references that are standard in PDFs and not indicators on their own.
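The two findings above, a duplicate object definition that first-wins and last-wins readers resolve differently, and URL extraction labelled by the channel that reached each URL, can be reproduced with a small raw-object scanner. The following is an added example written for this page, not the analyzer's own code: the PDF bytes are constructed (an original file plus an incremental update that redefines the link-annotation object), the regexes are deliberately naive (no xref walk, no object-stream decoding, /Length not honoured) because the point is to see definitions a conforming reader might skip, and the list of dictionary keys treated as "active content" is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample (not the analyzed file): a minimal PDF whose incremental
# update redefines object "4 0", the page's link annotation, with a different
# /URI target. Both definitions stay in the file; which one is honoured depends
# on the reader's duplicate-object policy.
SAMPLE = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R /Annots [4 0 R] /Contents 5 0 R >> endobj\n"
    b"4 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 100 20]"
    b" /A << /S /URI /URI (https://example.org/benign) >> >> endobj\n"
    b"5 0 obj << /Length 41 >> stream\n"
    b"BT (see http://example.net/doc.pdf) Tj ET\n"
    b"endstream endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
    # --- incremental update appended after the first %%EOF ---
    b"4 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 100 20]"
    b" /A << /S /URI /URI (https://attacker.example/landing) >> >> endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)

# Every "N G obj ... endobj" definition, in file order. Deliberately no xref
# walk and no object-stream decoding: the heuristic wants to see definitions
# a conforming reader might never consult.
OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.S)
URL_RE = re.compile(rb"https?://[^\s()<>\[\]\"']+")
URI_ACTION_RE = re.compile(rb"/URI\s*\((https?://[^)]+)\)")
# Assumption: these dictionary keys count as "active content" for severity
# escalation. A production analyzer would use a tuned list.
ACTIVE_KEYS = (b"/JavaScript", b"/JS", b"/Launch", b"/OpenAction", b"/AA",
               b"/SubmitForm", b"/URI", b"/EmbeddedFile")


def parse_objects(data):
    """Map (object number, generation) -> list of body bytes, in file order."""
    objs = defaultdict(list)
    for m in OBJ_RE.finditer(data):
        objs[(int(m.group(1)), int(m.group(2)))].append(m.group(3).strip())
    return dict(objs)


def resolve(objs, policy="last"):
    """Pick the body a first-wins or last-wins reader would honour."""
    if policy not in ("first", "last"):
        raise ValueError("policy must be 'first' or 'last'")
    return {k: (v[-1] if policy == "last" else v[0]) for k, v in objs.items()}


def has_active_content(body):
    return any(k in body for k in ACTIVE_KEYS)


def duplicate_object_findings(objs):
    """Flag objects defined more than once with differing bodies (the
    PDF_DUPLICATE_OBJ_BODY_INCREMENTAL shape). Severity is raised only when a
    later definition carries active content; body-only changes stay 'info'."""
    findings = []
    for key, bodies in objs.items():
        if len(set(bodies)) < 2:
            continue  # identical re-emission is not parser confusion
        later_active = any(has_active_content(b) for b in bodies[1:])
        findings.append({
            "object": key,
            "definitions": len(bodies),
            "first_wins": bodies[0],
            "last_wins": bodies[-1],
            "severity": "high" if later_active else "info",
        })
    return findings


def extract_urls(data, objs, policy="last"):
    """Return (url, channel) pairs. A URL reached through a /URI action on a
    link annotation that the `policy` reader would honour is labelled
    'PDF link annotation'; anything else found in the raw bytes, including
    URIs in shadowed duplicate definitions, is labelled 'document body'."""
    seen = {}
    for body in resolve(objs, policy).values():
        if re.search(rb"/Subtype\s*/Link", body):
            for m in URI_ACTION_RE.finditer(body):
                seen.setdefault(m.group(1).decode("latin-1"), "PDF link annotation")
    for m in URL_RE.finditer(data):
        seen.setdefault(m.group(0).decode("latin-1"), "document body")
    return list(seen.items())


if __name__ == "__main__":
    objs = parse_objects(SAMPLE)
    for f in duplicate_object_findings(objs):
        print(f"object {f['object']} defined {f['definitions']}x, severity {f['severity']}")
        print("  first-wins:", f["first_wins"][:60])
        print("  last-wins: ", f["last_wins"][:60])
    for policy in ("first", "last"):
        print(f"\nURLs as seen by a {policy}-wins reader:")
        for url, channel in extract_urls(SAMPLE, objs, policy):
            print(f"  {url}  [{channel}]")
```

Run against the constructed sample, the first-wins view reports the benign URI as the annotation target and the attacker URI as mere document-body text, while the last-wins view reports the reverse; a triage that only trusts one reader's resolution misses half of that picture, which is why the channel label matters more than the bare URL.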
Extracted artifacts (3)
Files carved from inside the sample during analysis.

| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off00030db2.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x30DB2 | 5344 bytes | d74fb9f9b411bfae76347af27f501bc7a05cbfdf451248c7c67d3dd53363fa26 |
| font_01_sfnt_off00031fd1.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x31FD1 | 12200 bytes | b158eba268f0a379ec9713e0b9cee4720f9f54cc042bd12771c009efd842a5bc |
| font_02_sfnt_off000348e4.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x348E4 | 17188 bytes | ad1f660211f11423d3a38e4054f274655a50751a3ad248c45724fa4140d33d42 |

The three carved fonts are consistent with the DejaVu and SIL OFL references found in the document text (embedded open-licence fonts); no heuristic above reports anything about them, so they are listed for completeness and hash matching, not as indicators.