Verdict: MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The PDF file was flagged by a machine learning classifier and ClamAV as malicious, with a high risk score. It contains an embedded URL that leads to a domain associated with phishing or malware distribution. The document body, though heavily obfuscated, suggests a lure related to a 'bilingual dictionary'.
Machine Learning
- Nyx PDF Classifier: malicious score 0.9996
Heuristics (4)
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://midufefew.ru/award?keyword=bilingual+dictionary+spanish+english+pdf
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000f329.bin (hash 32a778b3bb89582e49f5bf9bf8db386f398a705c6dc349e3115d206be1ea507f) | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF329 | 5568 bytes |
| font_01_sfnt_off00010621.bin (hash 14d79c4527e1e9ae3e1c1ac64eed5147d365a526de54ae5304424e5f104d937a) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10621 | 11736 bytes |