MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The file is a PDF containing an embedded URL that points to a suspicious domain, identified as malicious by ClamAV and ML classifiers. The document body, though heavily obfuscated, suggests a lure related to 'carrom rules in marathi language pdf'. The presence of embedded URLs and the overall detection by multiple security tools indicate a phishing or malware delivery attempt.
Machine Learning
- Nyx PDF Classifier malicious score 0.9987
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - https://zajinet.ru/award?keyword=carrom+rules+in+marathi+language+pdf (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off00014b9b.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x14B9B | 5360 bytes | 82bd49af2a7f54626a58287bdd2da8a08b342e920f1d92f09ab2edcb3a80856d |
| font_01_sfnt_off00015da7.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x15DA7 | 10372 bytes | b855cc9813913761e6dbbcb692fde0ed870febda4a1e1409719679fa05aefd9b |