Verdict: MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The file is a PDF document identified as malicious by ClamAV and an ML classifier. It contains an embedded URL, 'https://maypoin.ru/strik?utm_term=prepositions+of+place+worksheets+for+grade+2+pdf', which is likely used to deliver a phishing page or a second-stage payload. The document body, though heavily obfuscated, suggests a lure related to 'prepositions of place worksheets for grade 2 pdf'.
Machine Learning
- Nyx PDF Classifier malicious score 0.9996
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
- https://maypoin.ru/strik?utm_term=prepositions+of+place+worksheets+for+grade+2+pdf (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000ea5f.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xEA5F | 5704 bytes | fa052fecb38241834b120f20387ea3fe3465b36a596b5938ef13258c36fa4d52 |
| font_01_sfnt_off0000fdd4.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFDD4 | 11760 bytes | f040e186a0d63644cd3530aab1a288455bdb5b0efa0a52d22cb04d9adb015a9b |