Verdict: MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The file is a PDF document that contains an embedded URL pointing to a suspicious domain; the file is identified as malicious by ClamAV and by a machine learning classifier. The document body, though heavily obfuscated, suggests a lure about creating a personalized workout plan; document lures of this kind are a common tactic for phishing or malware delivery. The presence of external URIs and the detections by security tools strongly indicate malicious intent.
Machine Learning
- Nyx PDF Classifier: malicious score 0.9998
Heuristics (4)
- ClamAV detection (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI (info, PDF_URI): PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://golowaki.ru/strik?utm_term=how+to+create+a+personalized+workout+plan
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Hash | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off0000f4e6.bin | 55c6b88bbf08fe90f036fb9eca2041b6e245ccc3ae7ab55a1032373824149ff5 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF4E6 | 5236 bytes |
| font_01_sfnt_off000106d9.bin | 30cbd90ad9b42ad807efbfe31d41edd08d108fc7c959fb50b9b90bd664b32258 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x106D9 | 11268 bytes |