MALICIOUS
96
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file was detected as malicious by ML classifiers and ClamAV, specifically identified as a phishing trojan. It contains an embedded URL that masquerades as an academic syllabus, a common lure for phishing attacks. The PDF structure also indicates potential for embedded scripts, though none were explicitly extracted in a readable format.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://midufefew.ru/wix?keyword=ap+biology+syllabus+2020-21
- https://static.s123-cdn-static.com/uploads/4389568/normal_5fcc75fe3d8f9.pdf
- https://xirejefeju.weebly.com/uploads/1/3/4/7/134723985/6284063.pdf
- https://cdn-cms.f-static.net/uploads/4480423/normal_600beebd61a67.pdf
- https://zerimesatevig.weebly.com/uploads/1/3/4/8/134879836/xurese.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://uploads.strikinglycdn.com/files/01b28fa5-fe4a-4068-8dfb-d29657708e6c/skyrim_xbox_360_tips_and_tricks.pdf
- https://c245485c-e1a4-4c5a-9a2a-c465a95e53c8.filesusr.com/ugd/25f824_ef38c00edb4d4dbbba393cd9591aa3da.pdf?index=true
- https://uploads.strikinglycdn.com/files/4e8bff54-2b02-4668-a5ca-3aae8f985de1/98251486319.pdf
- https://s3.amazonaws.com/punagilelabon/arch_tempered_kulve_taroth_weapons_spreadsheet.pdf
- https://uploads.strikinglycdn.com/files/73dbdafe-07e3-41f5-89d9-3930e27c420d/how_to_simplify_exponents_with_bases.pdf
- https://s3.amazonaws.com/makumapikeze/desktop_wallpaper_free_anime.pdf
- https://ab25a8b3-4d80-4d4b-93a1-c1347014fa7c.filesusr.com/ugd/8d0191_406be84a43b94fe19c180034db7fdb99.pdf?index=true
- https://86f5e18a-8766-4ae7-b9bf-31430b627380.filesusr.com/ugd/911c12_11dcf6a4d3d94730b98d61b3f0515e91.pdf?index=true
- https://s3.amazonaws.com/pidufozu/black_panther_wallpaper_pc.pdf
- https://s3.amazonaws.com/xipavir/ferrari_f40_0-60.pdf
- https://uploads.strikinglycdn.com/files/2c08f205-a106-4e1f-8470-e7969f59106b/do_not_forget_your_roots_quotes.pdf
- https://s3.amazonaws.com/bewibiwat/kenmore_gas_dryer_not_heating_all_the_time.pdf
- https://uploads.strikinglycdn.com/files/47f042ab-4dd2-4aec-946c-6c6beae4a344/89642430712.pdf
- https://18e99e0c-7034-4a8c-9069-267580a295b8.filesusr.com/ugd/b337f5_8d803c41b2d446a2a9222e69a184d76e.pdf?index=true
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000e1b3.bind7955d6760c22bb86616781ec2dabd64640e21192bc12f66d190f0aa63b4f5eb |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xE1B3 | 5480 bytes |
font_01_sfnt_off0000f487.bin47e3864b97bf4f066a0a756d9c659c6833f2c8ce6f30b8197d12e12a8a680871 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xF487 | 10324 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.