MALICIOUS
96
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file was flagged as malicious by ML classifiers and ClamAV, indicating a high likelihood of malicious intent. It contains an embedded URL that directs users to a suspicious domain, likely as part of a phishing or credential harvesting scheme. No scripts were extracted, but the presence of the malicious URL and the overall classification strongly suggest a phishing attack.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://ponafet.ru/aws?utm_term=how+to+start+my+bosch+800+dishwasher
- https://cdn-cms.f-static.net/uploads/4481053/normal_60287fe1334c8.pdf
- http://iwhite.space/nuporaturigiwomaitu97.pdf
- http://lifeshop.pro/gafafudekozikbsrpm.pdf
- https://cdn-cms.f-static.net/uploads/4368782/normal_60438177a6851.pdf
- https://cdn-cms.f-static.net/uploads/4443337/normal_5fd9755895288.pdf
- http://dirupomavi.iblogger.org/63152322240.pdf
- http://werewov.22web.org/nemiw.pdf
- http://matroskin.space/dodecahedron_book_report_patternl32we.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://cccd2283-d272-450a-840b-6541230ebad2.filesusr.com/ugd/5de1df_fb5d7e0ed3fc48638ec4ab1c358962a8.pdf?index=true
- https://uploads.strikinglycdn.com/files/6619215b-39e7-4880-ac81-773ed871ed81/10246569069.pdf
- https://s3.amazonaws.com/xixonu/how_to_become_a_2nd_grade_teacher.pdf
- http://podemerobetalax.epizy.com/lajivezuwulajawipexaz.pdf
- https://27420876-d215-4860-9a72-f48db0d0c320.filesusr.com/ugd/4062c2_7dd09fa4d8c94f1998443d723738c488.pdf?index=true
- https://uploads.strikinglycdn.com/files/760298c7-ffb2-422c-a7ee-c7a09ae0d0ed/target_garmin_vivofit_jr_2_spider_man.pdf
- https://s3.amazonaws.com/sajezife/bollenti_spiriti_1981_full_movie.pdf
- http://surafupomef.epizy.com/ccea_gcse_biology_textbook_answers.pdf
- https://s3.amazonaws.com/xujitezu/razewaxakirir.pdf
- https://s3.amazonaws.com/fipijife/53437422160.pdf
- https://8c0e102b-efba-4641-b7fc-347c26357927.filesusr.com/ugd/d420ee_b2199fe366974eaba4b1b4fce9731249.pdf?index=true
- https://s3.amazonaws.com/befafuni/xinarogosi.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000f6f4.bin0608be370d341a7b1dd02dfed78f333d5d83943067d3c191933df56c7561a9af |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xF6F4 | 5780 bytes |
font_01_sfnt_off00010a85.bin0b8a19972107ce3f6508c79015c0bc4f47bf9465eb9860edc7759ea5ca03356b |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x10A85 | 10860 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.