MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The file was detected as malicious by ClamAV and an ML classifier, indicating a high likelihood of malicious intent. The embedded URL points to a suspicious domain, likely serving as a lure for phishing or malware distribution. Although no scripts were explicitly extracted, the PDF structure and embedded URLs suggest an attempt to redirect the user to a malicious site, potentially for further exploitation.
Machine Learning
- Nyx PDF Classifier malicious score 0.9988
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://jacksth.ru/strik?utm_term=fantasy+basketball+who+should+i+start
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0001075e.bin 3ac6cd7148aca000463210d04c964fa73a9b9f4d063f1cc415b0d9ce0099a69a | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1075E | 5148 bytes |
| font_01_sfnt_off000118e7.bin 35cdb8a514857997f3474699d93f9f7bba98f758eea2ad0055d24944dae4772f | pdf-font-stream | PDF embedded font (sfnt) at offset 0x118E7 | 11500 bytes |
| font_02_sfnt_off00013f91.bin 0d0f64e27578eb124b8bc81c7eceacdd166e22eddd95c81328e9fbd7de2a6333 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x13F91 | 4324 bytes |