MALICIOUS
104
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1203 Exploitation for Client Execution
The PDF file was flagged by a machine learning classifier and ClamAV as malicious, specifically as a phishing trojan. It contains multiple embedded URLs, one of which is presented as a download link for a syllabus, indicating a social engineering lure. The presence of a 'download button' heuristic further supports this attack pattern.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 5
-
ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://leonvi.ru/123?utm_term=bpsc+math+syllabus+pdf
- https://cdn.sqhk.co/raxoxawupej/pjhgeje/andor_s_trail_loader_map.pdf
- http://funseeds.site/balanced_scorecard_powerpoint_templateqrgbi.pdf
- https://cdn.sqhk.co/jarogofef/2UWsXhd/rangoon_creeper_plants_for_sale.pdf
- http://revershjtb.site/program_clicker_garage_door_opener_liftmasterewubk.pdf
- https://cdn.sqhk.co/lidumezuvir/gjaj0ie/19292230632.pdf
- https://cdn.sqhk.co/zutijujes/pAicU31/tivagepojibemizewir.pdf
- https://cdn-cms.f-static.net/uploads/4449990/normal_6030d9397543b.pdf
- http://befigter.xyz/dead_target_zombie_offline_mod_apk0k4ae.pdf
- https://cdn.sqhk.co/zuxifobiro/sheRgij/46107266694.pdf
- http://i12tws.website/chrome_for_windows_xp_offline_installerp0wwo.pdf
- https://cdn.sqhk.co/fosojatesog/0hbhZhc/biwalapizowibidaje.pdf
- https://cdn.sqhk.co/wusirilunoko/ijhawqW/morutupurepozuxa.pdf
- https://static.s123-cdn-static.com/uploads/4444864/normal_5feb6c161ea4f.pdf
- http://passive-income.ru/sewikagug7l7dy.pdf
- http://strapslap.online/english_phrasal_verbs_the_ultimate_phrasal_verb_book.pdf4xrmw.pdf
- http://lnstgramhelpcopyright.com/how_to_fill_a_vicks_cool_mist_humidifier45b44.pdf
- https://cdn.sqhk.co/goxobuve/gfpp2ii/rulunu.pdf
- https://cdn.sqhk.co/xovinexesun/6haZlhd/jollychic_online_shopping_mall_apk.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000ee0c.bin0f86575ca01b28659da57ad0592e44f58a52d56d9e223e6bd6be7e0def488f94 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xEE0C | 5588 bytes |
font_01_sfnt_off000100eb.bin6d17903df0b5593cc7c293c7e12de90260c9ad2a153ba715798379e620a09193 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x100EB | 11056 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.