MALICIOUS
104
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The file is a PDF document identified as malicious by ML classifiers and ClamAV. It contains an embedded URL that appears to be part of a phishing lure, as indicated by the 'SE_INVOICE_LURE' heuristic and the URL's query parameters suggesting a search for personal financial information. While no scripts were explicitly extracted, the PDF structure and the presence of external URIs suggest potential for malicious JavaScript execution or redirection.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 5
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
Fake invoice / payment lure low SE_INVOICE_LUREDocument contains invoice or payment language paired with an action verb — useful context when combined with link, macro, or attachment indicators
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://botokaw.ru/wix?keyword=george+donaldson+net+worth
- http://vuxokiwi.22web.org/bolox.pdf
- https://static.s123-cdn-static.com/uploads/4475737/normal_5fdd97b5e64b9.pdf
- http://dmgameplan.com/740499698776lma6.pdf
- http://studytogether.fun/kitchenware_list_items0o4mx.pdf
- https://static.s123-cdn-static.com/uploads/4369516/normal_5fde0dca94c06.pdf
- http://boothattendant.com/sans_top_20_critical_security_controls_20194358s.pdf
- http://hempmap.ru/tewulepurasawamofumuko5g0w.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- http://kajuwipaf.epizy.com/application_for_schengen_visa_arabic.pdf
- http://lipepojofutuxuf.epizy.com/how_to_teach_piano_to_beginner_adults.pdf
- http://kelawezup.rf.gd/mizujizukinilukupawudeded.pdf
- http://zurutoraxavifes.rf.gd/muzoratipunufir.pdf
- http://fidomibudirej.rf.gd/templates_for_tombstone_unveiling_invitation_cards.pdf
- https://uploads.strikinglycdn.com/files/c885c26c-ba02-4c52-80fe-9222b4fcccc4/3272895400.pdf
- http://dojidusajotat.epizy.com/gatogununerigigawidunuke.pdf
- https://uploads.strikinglycdn.com/files/ff819fcd-ed4f-4b94-a46e-e2d7e272da81/what_is_the_xia_dynasty_best_known_for.pdf
- https://uploads.strikinglycdn.com/files/8ee7880b-bd39-42be-a170-80ad4f05edc1/is_nitecore_a_good_flashlight.pdf
- http://beralopijabeziz.rf.gd/60539492136.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000dadc.binabdaec6a8b01e53b52d34427bd120554ba12b2ecdd86a652b90af3e44576e025 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xDADC | 5212 bytes |
font_01_sfnt_off0000ec9f.bind24c06d1a0b66e4430a5aed4619b0e33822494055542044b4074a6baacbc565c |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xEC9F | 11068 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.