MALICIOUS
96
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file was flagged by ML classifiers and ClamAV as malicious, specifically as a phishing trojan. It contains an embedded URI pointing to a suspicious domain, likely intended to host a malicious payload or phishing page. The document body, though heavily obfuscated, suggests a lure related to repair costs, aligning with common phishing tactics.
Machine Learning
- Nyx PDF Classifier malicious score 0.9997
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://lozipotod.ru/strik?utm_term=average+cost+of+washer+repair
- http://oneshops.space/7491208204105xut.pdf
- https://cdn.sqhk.co/bidomutarili/gjjiAQj/the_rules_of_survival_book_review.pdf
- https://cdn.sqhk.co/sovokeduseb/jdrjhgi/tofadeguturaduzegosusanam.pdf
- http://creditreportfast.info/56057905837tclps.pdf
- http://help-feedback-amzn6.xyz/cake_recipe_without_eggs_ukr8c2c.pdf
- https://cdn.sqhk.co/rijomawonuj/hbPijMu/25527715156.pdf
- http://martakkord.ru/9794747155f3l8d.pdf
- http://mailedflkf.site/optical_fiber_communication_keiser_downloadb0b1l.pdf
- https://cdn-cms.f-static.net/uploads/4413243/normal_604197cb08f4f.pdf
- https://static.s123-cdn-static.com/uploads/4402710/normal_5fee33cc4b697.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- http://www.daltonmaag.com/
- https://uploads.strikinglycdn.com/files/5cbe2e69-0254-463c-826f-ff195df54eb1/how_to_learn_spanish_for_nurses.pdf
- https://uploads.strikinglycdn.com/files/f511b851-b0ba-42e7-9390-800386ef69a6/80947199726.pdf
- https://s3.amazonaws.com/wudibirewuduto/call_of_duty_open_beta.pdf
- https://s3.amazonaws.com/dazinibonofobi/plma_exhibitor_list.pdf
- https://uploads.strikinglycdn.com/files/03f092d4-7ac5-435f-b1d0-96b2fcdb9a12/vans_old_skool_white_and_black_leather.pdf
- http://dipobitabi.rf.gd/16958691904.pdf
- http://damiwedokele.epizy.com/difference_between_bandwidth_and_throughput.pdf
- https://s3.amazonaws.com/tolivajupeku/wazisamimigikirefodo.pdf
- https://s3.amazonaws.com/jalasilunaz/59194824999.pdf
- https://uploads.strikinglycdn.com/files/2309b9f8-1333-4835-bcc6-72170fb2490c/zurowinipumovowofuzipiwo.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000103ae.bin3b7e89cf550e740ee3f1fd0a09674e29fd1f5a848f470e4aae3b2659e22cdb1e |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x103AE | 5068 bytes |
font_01_sfnt_off00011518.bin858de60d6c4fa42c0f74bea11ec712d37b30e8152219fe0b7f3d8b9fb3d94152 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x11518 | 10912 bytes |
font_02_sfnt_off00013a6f.bin0d0f64e27578eb124b8bc81c7eceacdd166e22eddd95c81328e9fbd7de2a6333 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x13A6F | 4324 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.