Risk Score: 96 (MALICIOUS)
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The PDF file was flagged by ML classifiers and ClamAV as malicious, specifically as a phishing trojan. It contains an external URI pointing to 'kuzutuzo.ru' which is likely part of a phishing or malware distribution campaign. The document body, though heavily obfuscated, suggests a lure related to 'Us history book 11th grade'. No scripts were extracted, but the presence of external URLs indicates an attempt to redirect the user to malicious content.
Machine Learning
- Nyx PDF Classifier malicious score 0.9992
Heuristics (4)
- ClamAV (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://kuzutuzo.ru/strik?utm_term=us+history+book+11th+grade
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Hash | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off0000f41f.bin | 6e266b854788d950160ad3099f38748278d895c49bd26a692c4c0c48c0c0d201 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF41F | 5404 bytes |
| font_01_sfnt_off00010686.bin | f9efded61d41d166e36355dfcccd1f7e3bb178fbbdd1cb92833cce2e4e5cf161 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10686 | 10296 bytes |