MALICIOUS
96
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The file was detected as malicious by ML classifiers and ClamAV, indicating a phishing attempt. The embedded URL `https://leonvi.ru/award?keyword=corporations+act+cth+pdf` suggests a lure related to awards or corporate documents. While no scripts were explicitly extracted, the PDF structure and embedded URLs are indicative of a phishing campaign designed to redirect users to malicious sites.
Machine Learning
- Nyx PDF Classifier malicious score 0.9961
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://leonvi.ru/award?keyword=corporations+act+cth+pdf
- http://puwexakibo.iblogger.org/81389228843.pdf
- http://xenogejewaruvi.22web.org/tipos_de_puertos_de_comunicacion_en_informatica.pdf
- http://freshnatur.fun/safe_drive_save_life_report_writing_answerdct11.pdf
- http://kernig.pro/4342106485olfzz.pdf
- http://dkmz1.club/miller_bobcat_225_welder_generator_manualhxsxo.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- http://suginuzebaluwom.rf.gd/physioex_9.1_exercise_3_activity_7.pdf
- https://uploads.strikinglycdn.com/files/510bd652-02be-4c41-ab03-96d7c5cb7618/dimati.pdf
- http://wobowix.rf.gd/how_much_does_it_cost_to_replace_a_hyundai_sonata_engine.pdf
- http://zugumez.rf.gd/nolulev.pdf
- http://ravuxigud.epizy.com/affinity_photo_crack_free.pdf
- http://majukukosiw.rf.gd/blades_of_brim_free.pdf
- http://bozalusi.epizy.com/481416622.pdf
- https://uploads.strikinglycdn.com/files/f80e048b-d221-4b3a-a6ee-6a6b13d735f6/leturapun.pdf
- http://lepeporiluvoxaj.epizy.com/3859255811.pdf
- https://s3.amazonaws.com/mejigavukolu/cloudy_with_achance_of_meatballs_2_strawberry.pdf
- https://s3.amazonaws.com/retisovojor/77189246362.pdf
- https://uploads.strikinglycdn.com/files/73aece31-d6d3-498b-a87f-581b7a4c9ea6/flight_simulator_2020_weather_radar.pdf
- https://uploads.strikinglycdn.com/files/8aa3a077-9e4d-4091-ae05-b4589232393b/mekis.pdf
- http://witoluteg.epizy.com/nhtsa_manual_2015.pdf
- https://s3.amazonaws.com/jukoxisojow/lagu_cheating_on_you_charlie_puth.pdf
- http://ripeterub.epizy.com/zajujejafutezexekaroli.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0003ac62.bin1112de95bb6783d7d3702274792aa35e6a921d8e6bdf0ff5136568dee4514a3a |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x3AC62 | 5116 bytes |
font_01_sfnt_off0003bdbc.bin5e7b2e74dd1b61d27a071edb4f4252ccd0d72455bf36fa2ac2867caa10d65c37 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x3BDBC | 10988 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.