Verdict: MALICIOUS (Risk Score 96)

Malware Insights

MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF was flagged by two independent detectors, the ClamAV signature Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 and the ML classifier (malicious score 0.9998), so the verdict does not rest on document structure alone. The document carries an external URI action whose target points to a suspicious domain, consistent with a phishing lure or a download of a second-stage payload. No scripts were extracted. An external URI action is not malicious by itself, since benign PDFs carry link annotations routinely; combined with the signature and classifier detections it supports the phishing assessment, and the URI targets below are the indicators to block and hunt for.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics (4)

- ClamAV detection [critical] (CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI [info] (PDF_URI): PDF contains an external URL action.
- Object number defined twice with different bodies [info] (PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL [info] (EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URLs extracted:
- https://zajinet.ru/strik?utm_term=gear+one+pa2400+specs
- https://cdn.sqhk.co/lezebulodiw/ie5if1R/xowulufiwutewub.pdf
- http://makedctl.site/bittersoet_tv_seriesykdku.pdf
- https://cdn-cms.f-static.net/uploads/4476765/normal_604d24a9e42e5.pdf
- http://fapasevusiledap.mygamesonline.org/alabama_football_2020_schedule.pdf
- https://cdn.sqhk.co/fapetemiji/HcKwKgg/best_movies_2020_imdb_released.pdf
- http://wozupabalaviv.medianewsonline.com/srimad_devi_bhagavatam_in_tamil.pdf
- http://boothattendant.com/36407069397i7075.pdf
- https://cdn-cms.f-static.net/uploads/4425009/normal_601e0c44bad42.pdf
- http://dezlice.ru/ice_cream_running_dog6dh04.pdf
- https://cdn.sqhk.co/bivadudit/cjakfih/spiral_fast_balls.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://uploads.strikinglycdn.com/files/4434dbe1-17cc-4d77-bd0f-b7087c881c21/why_not_wash_clothes_on_thursday.pdf
- https://uploads.strikinglycdn.com/files/fec1ccf0-b056-4d73-ab89-3592669192c4/magic_bullet_blender_black_friday_deals.pdf
- https://uploads.strikinglycdn.com/files/8718c640-7469-4857-b14a-96fa48f3a429/indian_veg_sandwich_recipes_for_weight_loss.pdf
- https://uploads.strikinglycdn.com/files/c2498cca-a1ab-49f5-b7df-9beaee928c58/79435739736.pdf
- https://uploads.strikinglycdn.com/files/69598537-11ba-4fd8-bb93-b9e61a93898b/head_first_java_2nd_edition_release_date.pdf
- https://uploads.strikinglycdn.com/files/e3ab9bd6-1320-4de5-8ab4-5765b01504ff/4520486212.pdf
- http://rulamiji.onlinewebshop.net/itunes_hip-hop_charts_albums.pdf
- https://uploads.strikinglycdn.com/files/21d5ccf1-249d-4b11-9ab8-661ab6aca9b1/what_kind_of_battery_does_my_nissan_rogue_key_fob_take.pdf
The remaining entries are XMP metadata namespace identifiers and the SIL Open Font License URL from embedded font metadata, not link targets, and carry no indicator value:
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
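The two structural heuristics above, PDF_URI and PDF_DUPLICATE_OBJ_BODY_INCREMENTAL, can be reproduced with a short scanner. The following Python is an added example written for this page, not the analyzer's own code: it walks the plain-text `N G obj ... endobj` definitions of a PDF, reports any object that is redefined with a different body and whether either copy carries active content, shows how a first-wins reader and a last-wins reader resolve that object differently, and extracts the targets of /URI actions. The embedded PDF is constructed for the example (the `example.invalid` URL is a placeholder), not the sample in this report. The scanner only handles uncompressed, literal-string objects; it ignores object streams, hex strings, escaped parentheses and the xref table, which a real parser would have to resolve.

```python
import re
from collections import defaultdict

# Constructed sample (not the analysed file): a minimal PDF whose object 4 is a
# plain link annotation, then redefined in an incremental update with a /URI
# action. A first-wins reader sees the harmless copy; a last-wins reader sees the URI.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj
<< /Type /Catalog /Pages 2 0 R >>
endobj
2 0 obj
<< /Type /Pages /Kids [3 0 R] /Count 1 >>
endobj
3 0 obj
<< /Type /Page /Parent 2 0 R /Annots [4 0 R] >>
endobj
4 0 obj
<< /Type /Annot /Subtype /Link /Rect [0 0 100 20] >>
endobj
trailer
<< /Root 1 0 R >>
%%EOF
4 0 obj
<< /Type /Annot /Subtype /Link /Rect [0 0 100 20]
   /A << /S /URI /URI (https://example.invalid/login) >> >>
endobj
trailer
<< /Root 1 0 R /Prev 9 >>
%%EOF
"""

# "N G obj <body> endobj"; non-greedy so each body stops at its own endobj.
OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.DOTALL)
# A URI action dictionary with a literal-string target: /S /URI ... /URI (target)
URI_RE = re.compile(rb"/S\s*/URI\b.*?/URI\s*\(([^)]*)\)", re.DOTALL)
# Keys whose presence means a duplicate is carrying active content, not just layout.
ACTIVE_KEYS = (b"/JavaScript", b"/JS", b"/Launch", b"/URI",
               b"/OpenAction", b"/AA", b"/SubmitForm")


def parse_objects(data):
    """Map (num, gen) -> list of body bytes, keeping every definition in file order."""
    objs = defaultdict(list)
    for m in OBJ_RE.finditer(data):
        key = (int(m.group(1)), int(m.group(2)))
        objs[key].append(m.group(3).strip())
    return objs


def duplicate_objects(objs):
    """Objects defined more than once with differing bodies (the heuristic's trigger),
    tagged with whether any copy carries active content (what raises its severity)."""
    found = {}
    for key, bodies in objs.items():
        if len(bodies) > 1 and len(set(bodies)) > 1:
            active = any(k in body for body in bodies for k in ACTIVE_KEYS)
            found[key] = {"definitions": len(bodies), "active_content": active}
    return found


def resolve(objs, key, last_wins=True):
    """Body a reader would use: last definition wins (most viewers) or first wins."""
    bodies = objs[key]
    return bodies[-1] if last_wins else bodies[0]


def extract_uris(data):
    """Targets of /URI actions, decoded as latin-1 (PDF literal strings are bytes)."""
    return [u.decode("latin-1") for u in URI_RE.findall(data)]


def scan(data):
    """Summary comparable to the PDF_URI and PDF_DUPLICATE_OBJ_BODY_INCREMENTAL rows."""
    objs = parse_objects(data)
    return {
        "objects": len(objs),
        "duplicates": duplicate_objects(objs),
        "uris": extract_uris(data),
    }


if __name__ == "__main__":
    report = scan(SAMPLE_PDF)
    objs = parse_objects(SAMPLE_PDF)
    for key, info in report["duplicates"].items():
        print(f"object {key[0]} {key[1]} defined {info['definitions']}x, "
              f"active content: {info['active_content']}")
        print("  first-wins :", resolve(objs, key, last_wins=False))
        print("  last-wins  :", resolve(objs, key, last_wins=True))
    print("URI action targets:", report["uris"])
```

Run against a real sample, the duplicate list tells you which objects to diff by hand and the first-wins versus last-wins bodies show what a lenient viewer would render versus what a strict or first-match parser (and many scanners) would see; the URI list is the set of targets to block. Because the scanner works on raw bytes, it also catches a URI action that a viewer would never reach, so treat its output as extraction, not as a verdict, exactly as the EMBEDDED_URL heuristic notes.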
Extracted artifacts (2)
Files carved from inside the sample during analysis.

| Filename | SHA-256 | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off0000c68b.bin | 30a65908472705fa640d20ebfe98c3a4f2f23882b05f5c59cd8f66e1e250475a | pdf-font-stream | PDF embedded font (sfnt) at offset 0xC68B | 5288 bytes |
| font_01_sfnt_off0000d89e.bin | 8a585ab096475a8ea07693e30ccbe3a993dc65fe20ee2733bdb36d59c68c3c84 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xD89E | 10432 bytes |