MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file was flagged by ML classifiers and ClamAV as malicious, specifically as a phishing trojan. It contains an embedded URL that directs users to a website, likely to deliver a malicious payload or conduct further phishing activities. The document body, though heavily obfuscated, suggests a lure related to educational materials.
Machine Learning
- Nyx PDF Classifier malicious score 0.9996
Heuristics (4)
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URL https://bologen.ru/wix?keyword=gizmos+student+exploration+free-fall+laboratory+answer+key
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000dee1.bin c23953c62b5748001e52a77775834c2dac57312c1034445b4b97a30d967a9649 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xDEE1 | 5764 bytes |
| font_01_sfnt_off0000f294.bin 661fd76f8913513bbdab2aeade24127101d55c6fc1c4a9fc8d4ecf236d6bf82f | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF294 | 11068 bytes |