MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The file is a PDF document identified as malicious by ML classifiers and ClamAV. It contains an embedded URI pointing to a suspicious domain, likely intended to redirect the user to a phishing or malware distribution site. The PDF structure itself also shows signs of manipulation, with duplicate object bodies, further indicating malicious intent.
Machine Learning
- Nyx PDF Classifier malicious score 0.9997
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000e6b8.bin b7a7dbd4b27c58bee684ee22fb75e448071701e6e59ddd8387d96ec9533704d0 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE6B8 | 5552 bytes |
| font_01_sfnt_off0000f9a0.bin c8f520ea1de31cf42d26f283540809fa2cd961400ff7192246357da0c77c995b | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF9A0 | 10640 bytes |