MALICIOUS
96
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF file was flagged by a machine learning classifier and ClamAV as malicious, specifically as a phishing trojan. It contains an embedded URI pointing to 'https://irlanc.ru/square?utm_term=how+many+cards+in+a+gwent+deck', which is the primary indicator of a phishing or malicious redirection attempt. No scripts were extracted, but the presence of the external URI strongly suggests a phishing or malware delivery vector.
Machine Learning
- Nyx PDF Classifier malicious score 0.9981
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://irlanc.ru/square?utm_term=how+many+cards+in+a+gwent+deck
- https://static1.squarespace.com/static/60bf6c89a2b0b938881bcf91/t/60f177a593f2b30038116659/1626437541819/caracol_tv_caracol.pdf
- https://static1.squarespace.com/static/60aac59fb7e9621e2f466549/t/60edb56aac23c31e62ff803c/1626191210800/wishing_i_could_hear_your_voice_again_lyrics.pdf
- https://static1.squarespace.com/static/60bf6bff0d8d387fecc8b153/t/60f687916e821513ce709c3e/1626769297666/21043117146.pdf
- https://static1.squarespace.com/static/60bf6c89a2b0b938881bcf91/t/60f1392ec08012782f81c70b/1626421550496/quantifiers_exercises_with_answers_doc.pdf
- https://static1.squarespace.com/static/60aac59fb7e9621e2f466549/t/60f43f543a33e4096de4bec0/1626619732592/biology_related_questions_and_answers.pdf
- https://static1.squarespace.com/static/60bf6bff0d8d387fecc8b153/t/60f7de35bac06a67b473917a/1626857013361/grammatical_words_and_meaning.pdf
- https://static1.squarespace.com/static/60bf6c89a2b0b938881bcf91/t/60edd3df2799685454f7f1f8/1626199007432/gilizuk.pdf
- https://static1.squarespace.com/static/60bf6cad3a95e91b59aa2418/t/60f0565baa1127077001133e/1626363483452/7761845070.pdf
- https://static1.squarespace.com/static/60bf6c89a2b0b938881bcf91/t/60f7bf879956ae4f6d4b8126/1626849159388/from_disk_cache.pdf
- https://static1.squarespace.com/static/60aac52a97a1d73ddacfe14c/t/60f4cb28db752c5e49bcb34c/1626655528502/battle_mage_flannery.pdf
- https://static1.squarespace.com/static/60bf6bff0d8d387fecc8b153/t/60f23c561d3507074213c481/1626487894837/anation_reaction_mechanism.pdf
- https://static1.squarespace.com/static/60aac52a97a1d73ddacfe14c/t/60e866492a19bc20287579a3/1625843273263/anxiety_tagalog_meaning.pdf
- https://static1.squarespace.com/static/60bf6cad3a95e91b59aa2418/t/60ec850472e2584f24636fcf/1626113284748/atheism_is_the_belief_that.pdf
- https://static1.squarespace.com/static/60aac52a97a1d73ddacfe14c/t/60f761e5a6f5704e336a18ba/1626825189430/accepted_full_movie_123movies.pdf
- https://static1.squarespace.com/static/60bf6c89a2b0b938881bcf91/t/60f59bc717054365ca786a3d/1626708935986/wetofexogulusegavimor.pdf
- https://static1.squarespace.com/static/60bf6bff0d8d387fecc8b153/t/60e8cb30dd5c0c1026ef2bbc/1625869104791/78851458595.pdf
- https://static1.squarespace.com/static/60bf6c89a2b0b938881bcf91/t/60f7e261738e220870a9a6a2/1626858081329/pofof.pdf
- https://static1.squarespace.com/static/60bf6c89a2b0b938881bcf91/t/60e7c70b5c1b8460033dd9f2/1625802507908/ribako.pdf
- https://static1.squarespace.com/static/60aac4dd19f082755c4e5c69/t/60f534aadeec581620458026/1626682538881/all_star_piano_letters.pdf
- https://static1.squarespace.com/static/60aac52a97a1d73ddacfe14c/t/60ec98b405183b3b579f390d/1626118324127/57065438864.pdf
- https://static1.squarespace.com/static/60aac59fb7e9621e2f466549/t/60e8a10218b8202efd038f99/1625858306953/43513200183.pdf
- https://static1.squarespace.com/static/60aac4e0d5abe22cec5c4b22/t/60f37fbd731d8c7c6fff666b/1626570685837/3660064212.pdf
- https://static1.squarespace.com/static/60aac4dd19f082755c4e5c69/t/60ee488d462f394a1e430ca3/1626228877940/explain_the_sexual_reproduction_in_flowering_plants.pdf
- https://static1.squarespace.com/static/60aac4e0d5abe22cec5c4b22/t/60f2131fde9f7d6ab7aeaa76/1626477343366/verimemogo.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://dejavu.sourceforge.net
- http://dejavu.sourceforge.net/wiki/index.php/License
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0001203c.bin24e56c7387c95b6503bae7b8aa6190256b4e76e797549729e34e48bcf6bac43a |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x1203C | 17352 bytes |
font_01_sfnt_off00014d29.bin9d2294e344127da9ddc2b77d68b1576b6b78373885bc9da2859f180a98f2c1e1 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x14D29 | 16792 bytes |
font_02_sfnt_off00016540.bin7281b13d28fc702b21a05cc2c10d769c4790ff3cf2b10504c2b0e37eebe01d87 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x16540 | 10952 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.