MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file triggers a heuristic for an external URI pointing to a suspicious domain and contains numerous other URLs that are likely part of a phishing or malware distribution campaign. The document body, though heavily obfuscated, contains text related to 'work cited page example mla format', suggesting a social engineering lure. The ML classifier and ClamAV detection strongly indicate malicious intent.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts: 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00011ece.bin 323636df16b1d3f223f8918685debab20485cdc8a415723bbd48543fe6f91124 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x11ECE | 5440 bytes |
| font_01_sfnt_off0001315b.bin 6e6ab141447f60a694e3cc57f87d766fb815b041a20821fd0182de68772ad864 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1315B | 11252 bytes |