MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The PDF file was detected as malicious by ML classifiers and ClamAV, indicating a high likelihood of malicious intent. It contains an embedded URI pointing to a suspicious domain, suggesting it's used to redirect users to a malicious site. The document body, though heavily obfuscated, contains keywords related to a 'circular saw guide', which is likely a lure to trick users into clicking the embedded link.
Machine Learning
- Nyx PDF Classifier malicious score 0.9997
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://botokaw.ru/123?utm_term=circular+saw+guide+harbor+freight
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000d1bd.bin d11d454986340f51040cae1e30bd637a135292b6f603cbae3cf2b0a3b98fb356 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xD1BD | 5420 bytes |
| font_01_sfnt_off0000e430.bin f181869da52541f000565a640896643722c011a16916ed002c169eaeada15ee0 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE430 | 10244 bytes |