MALICIOUS (Risk Score: 96)
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The PDF file contains an embedded URL that directs users to a website offering a PDF download, disguised as a popular manga. This URL is likely part of a phishing or malware distribution scheme. The ML classifier and ClamAV detection strongly indicate malicious intent, classifying it as a phishing trojan.
Machine Learning
- Nyx PDF Classifier malicious score 0.9812
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://pelibifir.ru/wix?keyword=in+another+world+with+my+smartphone+volume+4+pdf (PDF link annotation)
Extracted artifacts 4
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0002a6d1.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x2A6D1 | 7980 bytes | b32a9b56bd26195ecb28782d666ca4302591b495f9808d5db0f00c3354d693fb |
| font_01_sfnt_off0002c1ca.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x2C1CA | 5560 bytes | fa03f2e29854a37e685e25f120e97fb010cd5e6a1f5e2d38f8a16a0e15a70276 |
| font_02_sfnt_off0002d4b0.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x2D4B0 | 14284 bytes | b05c427c6d5c37cd37a0c3f7dc746b2cadaa1dd27463403b1a065bf346dc5a88 |
| font_03_sfnt_off0003007e.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x3007E | 16336 bytes | 4f03c742312e75387520e0badaffc7df56522679cf170f6f66a4baf702d06c6f |