MALICIOUS
96
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The file is a PDF document that contains an embedded URL pointing to a suspicious domain. ClamAV detection and ML classification strongly indicate malicious intent, specifically phishing. The document body, though heavily obfuscated, suggests a lure related to a movie review, which is a common social engineering tactic.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://botokaw.ru/aws?utm_term=review+on+lights+out+2016+movie
- https://lipemegovaw.weebly.com/uploads/1/3/4/7/134766771/f739a42941bdb.pdf
- https://cdn.sqhk.co/gujowaxexag/YrgjgjW/widilozanida.pdf
- https://gifetapajuloper.weebly.com/uploads/1/3/4/6/134682222/wufusenixiwazedo.pdf
- https://cdn.sqhk.co/muvotugi/tVibjbo/comic_maker_for_minecraft_codes.pdf
- https://cdn.sqhk.co/temejikowewa/Qhghcgc/63641160767.pdf
- https://lumikefobebodas.weebly.com/uploads/1/3/4/3/134324067/ledevaj_lowuxuz_gafinadunomu.pdf
- https://murenelu.weebly.com/uploads/1/3/1/8/131856612/8b81a47.pdf
- http://tadefog.medianewsonline.com/vozudisowumug.pdf
- http://wamuwosola.mygamesonline.org/nigerian_army_ranks_and_symbol.pdf
- http://towonededuv.medianewsonline.com/ajeeb_kumba_novel_download.pdf
- https://cdn.sqhk.co/nidaruzada/hijgiih/64656289278.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- http://gozenabuzixi.onlinewebshop.net/dot_product_worksheet.pdf
- https://uploads.strikinglycdn.com/files/1237cddc-d153-4e08-961b-b146303232ca/real_estate_agent_training_near_me.pdf
- https://uploads.strikinglycdn.com/files/cf7ba827-8627-4001-bed5-77bc2301f2dc/can_i_control_bose_solo_with_tv_remote.pdf
- https://uploads.strikinglycdn.com/files/aa4608b5-2ff4-45b4-8094-0b39deeb2605/are_muffins_healthier_than_donuts.pdf
- http://dikedelunok.rf.gd/pigefojisazasusof.pdf
- http://duwujupis.epizy.com/how_to_cite_electronic_sources_chicago_style.pdf
- https://uploads.strikinglycdn.com/files/af656467-b1dc-45fd-91e1-df4bdeb85a04/nasasigujova.pdf
- http://zimunumiwu.epizy.com/59629157403.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000f633.bin8f55a406a91061b26cf2f459fa705b14fca74ec02ff9019c362f8a612cb7577b |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xF633 | 5432 bytes |
font_01_sfnt_off000108b4.bine90117ef180305fff6115b6261f3d0ca4285fd3fe6cfc7e223e19bc3db2fb131 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x108B4 | 11196 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.