MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file was flagged as malicious by a machine learning classifier and ClamAV, indicating a high likelihood of malicious intent. It contains an embedded URI pointing to a suspicious domain, which is likely part of a phishing or malware distribution scheme. Although no scripts were explicitly extracted, the PDF structure and embedded URLs suggest it is designed to redirect users to malicious content.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 [critical] CLAMAV_DETECTION: ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI [info] PDF_URI: PDF contains an external URL action
- Object number defined twice with different bodies [info] PDF_DUPLICATE_OBJ_BODY_INCREMENTAL: The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL [info] EMBEDDED_URL: One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://vilenefex.ru/strik?utm_term=verbos+regulares+en+ingles+concepto+y+ejemplos
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000eadd.bin 968e6df4ce077490e91a77432ca5e8739f8cdc39e4a4c4a6271f8c540c2b20dc | pdf-font-stream | PDF embedded font (sfnt) at offset 0xEADD | 5536 bytes |
| font_01_sfnt_off0000fdaa.bin 07cfed5af2e38a4c81b9b57bb746107f4ba15870516fa78c5e1a9f3436895433 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFDAA | 11972 bytes |