Verdict: MALICIOUS
Risk Score: 104

Malware Insights

MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The PDF contains embedded JavaScript and a high-confidence ML classification indicating maliciousness. It also features a URL that, when combined with the document's apparent theme of an 'Audi dealer locator', suggests a phishing or credential harvesting attempt. The presence of embedded JavaScript indicates an attempt to execute malicious code within the user's browser or PDF reader.
Machine Learning
- Nyx PDF Classifier malicious score 0.9941
Heuristics (5)
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Embedded JS stream (low, PDF_JS): PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
- External URI (info, PDF_URI): PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - URL https://resalured.ru/wix?keyword=audi+dealer+locator+belgium (PDF link annotation)
Extracted artifacts (3)
Files carved from inside the sample during analysis.

| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off00017724.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x17724 | 305028 bytes | ec1069122ea89e2a2a097470adeb1f78a7303281c039cd11f31637e03027dee2 |
| font_01_sfnt_off0004f310.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x4F310 | 5212 bytes | 965e48cf5b8a779d0ebafd3aba6aa767838eb98ce8b348adcc0807b61e5d0954 |
| font_02_sfnt_off000504b2.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x504B2 | 11660 bytes | 393b5079d8096c7fd71a976322f7da5817c93690aa1bafbb909e9889c7bb319b |