MALICIOUS
Risk Score: 104
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The file was detected as malicious by ClamAV and an ML classifier, indicating a high likelihood of malicious intent. The presence of a visual download button and embedded external URLs suggests a phishing or social engineering attack aimed at tricking the user into downloading further malware. No scripts were extracted, but the PDF structure and embedded URLs are strong indicators of a malicious document.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 5
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 [critical, CLAMAV_DETECTION]: ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- Visual download / call-to-action button lure [low, SE_DOWNLOAD_BUTTON]: Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
- External URI [info, PDF_URI]: PDF contains an external URL action
- Object number defined twice with different bodies [info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL]: The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL [info, EMBEDDED_URL]: One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000f36e.bin 1c6965fbfc41422173c3f4f68176e7e1e3dbc7170eb87cdbdba8a65c25269442 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF36E | 4632 bytes |
| font_01_sfnt_off00010341.bin 024d0919f1c1bed85b9f1748a1fce8f608fa9713ea852ffe8d00c1f3b1afd3d4 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10341 | 10932 bytes |