Verdict: MALICIOUS (risk score 156)
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript (note: no JavaScript finding appears among the heuristics listed below; the observed behaviour is a link action and lure text)
This PDF was flagged as malicious by both the machine-learning classifier and ClamAV. Heuristics identify it as a phishing lure: the document text asks the reader for recovery secrets or private keys. A link annotation also carries an external URI action whose target appears to belong to a phishing campaign and likely serves a malicious payload. In addition, one indirect object is defined twice with different bodies, so first-wins and last-wins PDF readers resolve different content.
Machine Learning
- Nyx PDF Classifier malicious score 0.9911
Heuristics (5)
- ClamAV detection (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Recovery secret / private key request (critical, SE_SECRET_RECOVERY_LURE): the document requests recovery phrases, private keys, backup codes, or saved passwords. Requests for these secrets in a document are high-risk.
- External URI (info, PDF_URI): the PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): the same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): one or more URLs were extracted from the document. The URL itself is not a detection; the per-URL label shows which channel (macro, JS, link annotation, document body, ...) reached each URL. Only the first URL below is reachable through an active channel (a link annotation); every other URL was found as plain document text.
  - https://baarspo.ru/wix?keyword=fleksy+%252B+gif+keyboard+apk+download (PDF link annotation)
  - http://lasleymarkt.ru/2687170900325vkm.pdf (in PDF document text)
  - https://cdn-cms.f-static.net/uploads/4410443/normal_5fd979a351bff.pdf (in PDF document text)
  - http://obuv-kozha.ru/cinebench_r20_windows_76cteq.pdf (in PDF document text)
  - http://espaceclient-cmb.com/xaperizituxobo4zdbj.pdf (in PDF document text)
  - http://bigtittybella.com/dodge_ram_2500_oem_parts_diagramfqo3k.pdf (in PDF document text)
  - https://cdn-cms.f-static.net/uploads/4467007/normal_5fd34364eeaf9.pdf (in PDF document text)
  - http://form-lnstagramverifiedbadges.com/briggs_and_stratton_lawn_mower_625_series_manualzat8i.pdf (in PDF document text)
  - http://lami-lashes.site/4238813081j5ma6.pdf (in PDF document text)
  - http://www.ascendercorp.com/ (in PDF document text)
  - http://www.ascendercorp.com/typedesigners.html (in PDF document text)
  - http://smc.org.in (in PDF document text; extracted twice, run together with the adjacent name-table strings "Meera Regular", "Meera 2016 SMC 7.0.0+20171102" and "Hussain" of the embedded Meera font)
  - http://www.daltonmaag.com/ (in PDF document text)
  - https://s3.amazonaws.com/tubukeganuji/escape_room_mystery_word_answers_level_41.pdf (in PDF document text)
  - https://s3.amazonaws.com/kezemiradigu/75501389905.pdf (in PDF document text)
  - https://s3.amazonaws.com/lumixi/viewmodel_in_mvvm_android.pdf (in PDF document text)
  - https://s3.amazonaws.com/pajukovuxetu/ase_guidelines_native_valve_stenosis.pdf (in PDF document text)
  - https://s3.amazonaws.com/xijilesuzuxo/invensense_mpu-_6000_datasheet.pdf (in PDF document text)
  - https://s3.amazonaws.com/loxopudizus/bhagavad_gita_in_marathi_book.pdf (in PDF document text)
  - https://s3.amazonaws.com/gurafoga/transformer_bumblebee_toy_car.pdf (in PDF document text)
  - https://s3.amazonaws.com/pazovugal/25268190665.pdf (in PDF document text)
  - https://s3.amazonaws.com/lanaladu/8465040167.pdf (in PDF document text)
  - https://s3.amazonaws.com/pusixa/93147910664.pdf (in PDF document text)
  - https://s3.amazonaws.com/mufukep/cars_movie_in_tamil_hd.pdf (in PDF document text)
  - https://s3.amazonaws.com/sefepugolupalax/21692524622.pdf (in PDF document text)
  - http://www.w3.org/1999/02/22-rdf-syntax-ns# (in PDF document text)
  - http://purl.org/dc/elements/1.1/ (in PDF document text)
  - http://ns.adobe.com/pdf/1.3/ (in PDF document text)
  - http://ns.adobe.com/xap/1.0/ (in PDF document text)
  - http://ns.adobe.com/xap/1.0/mm/ (in PDF document text)
  - http://ns.adobe.com/xap/1.0/rights/ (in PDF document text)
  - https://savannah.gnu.org/projects/freefont/ (in PDF document text)
  - http://www.gnu.org/licenses/ (in PDF document text)
  - http://www.gnu.org/copyleft/gpl.html (in PDF document text)
  - http://scripts.sil.org/OFL (in PDF document text)
  - https://gitlab.com/smc/meera/blob/master/COPYING (in PDF document text)
  - http://dejavu.sourceforge.net (in PDF document text)
  - http://dejavu.sourceforge.net/wiki/index.php/License (in PDF document text)
  Triage note: the w3.org, purl.org and ns.adobe.com entries are XMP metadata namespace identifiers, and the ascendercorp, smc.org.in, daltonmaag, GNU FreeFont, SIL OFL, GitLab and DejaVu entries are licence and vendor strings from the embedded fonts. These are ordinary producer and font metadata, not lure content, and should be excluded before pivoting on the remaining URLs.
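The duplicate-object, external-URI and secret-recovery findings above describe checks a triage script can reproduce. The Python below is an added example for this write-up, not the analyzer's own code. It builds a constructed two-revision PDF (placeholder hostnames example.org and phish.example; no xref tables, a simplification of a real incremental update) in which object 5, the link's /URI action, is redefined by the appended revision. It then reports the duplicate, marks it active because the body carries /URI, resolves the link target under both first-wins and last-wins policies, and runs a small phrase matcher of the kind SE_SECRET_RECOVERY_LURE describes. The regexes and the ACTIVE_KEYS list are the author's assumptions, not the analyzer's rules.

```python
"""Toy re-implementation of three of the report's heuristics over a constructed PDF.
Added example, not the analyzer's code; object and URI handling is deliberately minimal."""
import re
from collections import defaultdict

# Constructed sample: a base document whose link action (object 5) is redefined by an
# appended incremental update (xref tables omitted for brevity). A first-wins reader
# opens example.org, a last-wins reader opens the lure URL. Hostnames are placeholders.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /Annots [4 0 R] >> endobj
4 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 100 20] /A 5 0 R >> endobj
5 0 obj << /S /URI /URI (https://example.org/help) >> endobj
trailer << /Root 1 0 R >>
%%EOF
5 0 obj << /S /URI /URI (https://phish.example/recover-wallet) >> endobj
trailer << /Root 1 0 R /Prev 0 >>
%%EOF
"""

# Dictionary keys that give an object behaviour (actions, scripts, links). Assumed list.
ACTIVE_KEYS = (b"/JS", b"/JavaScript", b"/OpenAction", b"/AA", b"/Launch",
               b"/URI", b"/SubmitForm", b"/GoToR")

OBJ_RE = re.compile(rb"(?<![0-9])(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.DOTALL)
LINK_RE = re.compile(rb"/Subtype\s*/Link\b")
ACTION_REF_RE = re.compile(rb"/A\s+(\d+)\s+(\d+)\s+R\b")
URI_RE = re.compile(rb"/URI\s*\(((?:[^()\\]|\\.)*)\)")
# Phrases that ask the reader for wallet/account secrets. Assumed, not the analyzer's list.
LURE_RE = re.compile(r"\b(?:recovery|seed|secret|backup)\s+(?:phrase|words?|codes?)\b"
                     r"|\bprivate\s+keys?\b|\bsaved\s+passwords?\b", re.IGNORECASE)


def parse_objects(data):
    """Map (num, gen) -> every body defined for it, in file order (duplicates kept)."""
    objs = defaultdict(list)
    for m in OBJ_RE.finditer(data):
        objs[(int(m.group(1)), int(m.group(2)))].append(m.group(3).strip())
    return objs


def duplicate_objects(objs):
    """PDF_DUPLICATE_OBJ_BODY_INCREMENTAL: same object number, different body bytes.
    'active' is True when any copy carries a behaviour-bearing key."""
    findings = []
    for key, bodies in objs.items():
        if len(bodies) > 1 and len(set(bodies)) > 1:
            active = any(k in body for body in bodies for k in ACTIVE_KEYS)
            findings.append({"obj": key, "copies": len(bodies), "active": active,
                             "first": bodies[0], "last": bodies[-1]})
    return findings


def resolve(objs, key, policy):
    """Pick the body a reader would honour: the 'first' or the 'last' definition wins."""
    bodies = objs.get(key)
    if not bodies:
        return None
    return bodies[0] if policy == "first" else bodies[-1]


def link_uris(data, policy="last"):
    """PDF_URI, channel 'link annotation': /URI targets reachable from /Link annotations,
    resolved under the given duplicate-object policy."""
    objs = parse_objects(data)
    uris = []
    for key in objs:
        body = resolve(objs, key, policy)
        if not LINK_RE.search(body):
            continue
        ref = ACTION_REF_RE.search(body)  # /A may be an indirect reference or inline dict
        action = resolve(objs, (int(ref.group(1)), int(ref.group(2))), policy) if ref else body
        uris += [u.decode("latin-1") for u in URI_RE.findall(action or b"")]
    return uris


def secret_recovery_lure(text):
    """SE_SECRET_RECOVERY_LURE: distinct secret-request phrases found in extracted text."""
    return sorted({m.group(0).lower() for m in LURE_RE.finditer(text)})


if __name__ == "__main__":
    for f in duplicate_objects(parse_objects(SAMPLE_PDF)):
        print("duplicate object", f["obj"], "copies:", f["copies"], "active:", f["active"])
    for policy in ("first", "last"):
        print(policy + "-wins link targets:", link_uris(SAMPLE_PDF, policy))
    print(secret_recovery_lure("Enter your 12-word recovery phrase and private key to restore access"))
```

The two policies disagree on the sample, which is exactly the condition the report's duplicate-object heuristic raises severity for: a sandbox that parses first-wins would follow the benign link while a last-wins viewer follows the lure. In real triage, run the same check on the carved file and compare against what the viewer actually opens.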
Extracted artifacts (8)
Files carved from inside the sample during analysis. All eight are embedded font programs (sfnt); the offset is the byte position of the font stream within the sample.

| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000fd4b.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFD4B | 6588 bytes | c6acebe3750ab55c09714fa1b34f6c70ddae3ce202e1a088ffcbc34adab53285 |
| font_01_sfnt_off00010d94.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10D94 | 3880 bytes | c956c602f1c34b1d7a138bcb6752e8ba091674e579f38aa0975e32180d8ea748 |
| font_02_sfnt_off00011b6c.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x11B6C | 5268 bytes | a42693c3f666b0b1bb9b68e9f12c57a48d15fbe3a5cb39d5d78f277d7d7131ac |
| font_03_sfnt_off00012d62.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x12D62 | 3456 bytes | 7bbb0ca5774171436ba08c6e80f72433a98bba25158556dabad4c31aabce11a3 |
| font_04_sfnt_off00013ade.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x13ADE | 7508 bytes | f6b4fe6106dfbb12ba5ee1be04191d4dc2ac3dd6fd5918adb0f698a0b0a1078c |
| font_05_sfnt_off000154c9.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x154C9 | 12072 bytes | bf5ff0e5eecfab1e6cb3a27cdacd04f2cf75821ae9008e0dc083c6a2d43032c9 |
| font_06_sfnt_off00017d51.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x17D51 | 21184 bytes | 466201a6249b6f8c9aea833353ca6fb22eef1b643e179f41a5c2d167997c1d5f |
| font_07_sfnt_off0001a30e.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1A30E | 4324 bytes | 1062cd8ddf90f4344fa193b395386d5669df1a952e5759311ca261a71931f361 |