Verdict: MALICIOUS (Risk Score 96)
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The sample was detected as a malicious PDF by ClamAV and an ML classifier. It contains an embedded URI pointing to a URL that appears to be a phishing lure, disguised as a search result. While no scripts were explicitly extracted, the PDF structure and embedded URLs strongly suggest a phishing or credential harvesting attempt, likely delivered as a spearphishing attachment.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics (4)
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted URLs:
- https://leonvi.ru/wix?keyword=ffa+word+search+%252810+points%2529+answers
- https://cdn.sqhk.co/tavazuvu/whdaDjf/chris_young_song_drowning_meaning.pdf
- http://fevavoke.iblogger.org/business_communication_today_courtland_l_bovee_free_download.pdf
- https://cdn.sqhk.co/fabokofe/higQv1T/dog_birthday_cake_recipe_4_ingredients.pdf
- http://vomidujoma.scienceontheweb.net/business_development_manager_job_description_sample.pdf
- https://cdn.sqhk.co/mitugejaxel/MgfibiX/fashion_city_2_mod_apk.pdf
- https://cdn.sqhk.co/riroxale/tZWiggf/41920138160.pdf
- http://sivolejujivozul.scienceontheweb.net/47196781476.pdf
- https://cdn-cms.f-static.net/uploads/4451033/normal_604e1b0e54b40.pdf
- https://cdn-cms.f-static.net/uploads/4488315/normal_603edb64a528a.pdf
- http://wolorafo.22web.org/kovofi.pdf
- http://rivilidopu.medianewsonline.com/beganinaladakirotusezumuf.pdf
- https://cdn.sqhk.co/nisisepolo/gihgf2j/rock_band_guitar_hero_ps4.pdf
- https://static.s123-cdn-static.com/uploads/4369794/normal_6000c865b01b6.pdf
- https://cdn.sqhk.co/pepitaji/hWjdjd6/89111874396.pdf
- https://cdn.sqhk.co/zalivelo/hcFijjd/equalizer_pie_pro_apk.pdf
- http://rimiripa.mypressonline.com/are_bowflex_gyms_good.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- http://disorasejazamu.epizy.com/77654563595.pdf
- http://dizigudaz.epizy.com/etiology_of_type_1_diabetes_mellitus.pdf
- http://gofosuxubajo.epizy.com/nupiza.pdf
- http://kofipazefoleris.epizy.com/93387579629.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | SHA-256 | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off0000d4b4.bin | 7ec2572a0e5b1f2d6a2f6b0ec0944c0f266842898104b8146cb1d388c969b87f | pdf-font-stream | PDF embedded font (sfnt) at offset 0xD4B4 | 5604 bytes |
| font_01_sfnt_off0000e7ea.bin | c5af3fa2006677b6256e618004633fb676830cccba8ef3e722f0b65ffcb35401 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE7EA | 10576 bytes |