MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The file is a PDF document that contains an embedded URL pointing to a suspicious domain. The ML classifier and ClamAV detection strongly indicate malicious intent, likely for phishing or malware delivery. No scripts were extracted, but the presence of the external URI is a high-confidence indicator of malicious activity.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION). ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI). PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL). The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL). One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://bologen.ru/award?keyword=brownian+motion+martingales+and+stochastic+calculus+pdf
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000e32f.bin 9fddf4d2ba93bb2c466ea75943b5def455acbc79be99dd983fadf54c914b1e5a | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE32F | 5712 bytes |
| font_01_sfnt_off0000f68a.bin a276e1b8e11c88350b4163ef7026703fd1e294e6e213561f36dfd8865da2429d | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF68A | 10396 bytes |