MALICIOUS (Risk Score 96)

Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The file is a PDF document that contains an embedded URL disguised as an educational worksheet. This URL, along with other embedded URLs, likely serves as a lure for phishing or to download a secondary payload. The ML classifier and ClamAV detection strongly indicate malicious intent, classifying it as a phishing trojan.
Machine Learning
- Nyx PDF Classifier malicious score 0.9996
Heuristics (4)
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. Extracted URLs:
  - https://maypoin.ru/wix?keyword=simplify+radicals+worksheet+kuta
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Hash | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off0000dc50.bin | aad0ceb4bf81a53d0b4fd423a4b9b00f3465180ad197f5df482f47ff114c1d36 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xDC50 | 5756 bytes |
| font_01_sfnt_off0000efda.bin | 4fd23d857d780e1016fe501eda113edabf98aacd26c492fb50b52e01b8e4ad66 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xEFDA | 10156 bytes |