MALICIOUS
96
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The file was flagged by ML classifiers and ClamAV as malicious, with heuristics indicating the presence of an external URI. The embedded URL 'https://pelibifir.ru/strik?utm_term=online+english+learning+course+app' is the primary indicator of a phishing or malware distribution attempt. Although no scripts were explicitly extracted, the PDF structure and embedded URI suggest an attempt to redirect the user to a malicious site.
Machine Learning
- Nyx PDF Classifier malicious score 0.9997
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://pelibifir.ru/strik?utm_term=online+english+learning+course+app
- http://theharaka.online/125254990149jdop.pdf
- http://netewe8.xyz/349440360601hiw1.pdf
- http://demigatakubap.iblogger.org/pemosaruragoxumuxa.pdf
- http://sallehub.xyz/gewopavubawuriq5s4n.pdf
- https://static.s123-cdn-static.com/uploads/4380082/normal_6000a754ede74.pdf
- http://pedufan.iblogger.org/rebiwilegevu.pdf
- http://najarixexosavuj.iblogger.org/bafelupujepivupatujemigel.pdf
- http://minuette.me/skyrim_special_edition_tips_and_tricksgv43d.pdf
- https://cdn-cms.f-static.net/uploads/4408713/normal_602ae585d5e83.pdf
- https://cdn-cms.f-static.net/uploads/4380078/normal_60353cbdc9625.pdf
- https://static.s123-cdn-static.com/uploads/4484370/normal_6001f0bcb1aef.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- http://ralomefin.epizy.com/cara_e_reporting_tax_amnesty.pdf
- http://pibagejebex.epizy.com/2019_fantasy_football_cheat_sheet_standard.pdf
- http://jusujewepexu.epizy.com/37112815170.pdf
- http://robinovedibepo.epizy.com/addition_subtraction_math_facts_worksheets.pdf
- https://b20aee1f-b1b7-4e4e-be5e-d884e4ece670.filesusr.com/ugd/10e3af_ff122914e3334c29981aac70386d9dae.pdf?index=true
- https://167c8e7b-8160-49a2-a88e-f26749d647c8.filesusr.com/ugd/1ad47d_531b79867d374c8ea8d4df3799c6d0bd.pdf?index=true
- https://cb38ef3f-1f2c-4622-8962-dca261660167.filesusr.com/ugd/3ae201_981e341be6f14b8aa113b17aa3256417.pdf?index=true
- https://2c8134a4-d865-4da1-8961-c755d7242105.filesusr.com/ugd/6dcf04_e093d4b7ab8e4525ae28a447bfee2578.pdf?index=true
- http://fadosidenisuko.epizy.com/ansys_spaceclaim_2020_user_guide.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000e47c.bin8f558b2440cddecb0eb6e8be94157c254b157f2e0dc716f4766308f95d3bc95a |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xE47C | 5224 bytes |
font_01_sfnt_off0000f639.bine64d19d2f2d22c68d5d73a6ed6afbbb855ec9a3ed0da2035dc8855078ce0f919 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xF639 | 10504 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.