MALICIOUS
96
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file was detected as malicious by ML classifiers and ClamAV, indicating a high likelihood of malicious intent. The document body, though heavily obfuscated, contains a URL that appears to be a lure related to administrative leave. This URL is likely intended to redirect the user to a phishing or malware distribution site.
Machine Learning
- Nyx PDF Classifier malicious score 0.9996
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://seumenha.ru/strik?utm_term=how+long+can+you+be+put+on+administrative+leave
- https://cdn-cms.f-static.net/uploads/4412895/normal_603a61cc35163.pdf
- https://cdn.sqhk.co/titukopano/ayGgiji/neon_night_city_launcher_theme_mean.pdf
- https://cdn.sqhk.co/bulunazi/ih9u3qr/dalegogipazupibemoxef.pdf
- https://cdn.sqhk.co/vuvapolaxaj/hfBidEJ/ski_safari_adventure_time_online.pdf
- https://cdn-cms.f-static.net/uploads/4493209/normal_600bbcf25b54e.pdf
- https://static.s123-cdn-static.com/uploads/4421468/normal_60062d752fb89.pdf
- https://cdn.sqhk.co/kawonidoza/ii2Fji0/13301542153.pdf
- https://cdn.sqhk.co/xeduwukaxusa/ehfhcid/stickman_parkour_game_apk.pdf
- https://cdn.sqhk.co/vulovosovem/jbbK6JS/godanabogilasexogele.pdf
- http://sdfsdfsdf.shaketorch.com/english_to_french_words.pdf
- https://cdn-cms.f-static.net/uploads/4383688/normal_60152975dfd01.pdf
- https://cdn-cms.f-static.net/uploads/4489241/normal_602f43c37acce.pdf
- https://cdn.sqhk.co/gulijolane/hakgjiP/alone_movie_2020_ending_explained.pdf
- https://cdn.sqhk.co/baruduwege/jcjgegd/blundstone_boots_womens_size_9.pdf
- https://cdn.sqhk.co/nejisakatok/heuHjeP/sijejujajowurode.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- http://woduzubede.epizy.com/types_of_accidents_in_the_workplace.pdf
- https://s3.amazonaws.com/zerejibixupav/bitrise_android_workflow.pdf
- https://s3.amazonaws.com/wopari/rufojokavugew.pdf
- http://kivakup.rf.gd/60443890841.pdf
- https://s3.amazonaws.com/bejenosugede/73666815047.pdf
- http://gesosogo.rf.gd/gebuxupo.pdf
- https://s3.amazonaws.com/jupoti/various_layout_templates_available_in_powerpoint_presentation.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000ec0d.bin65898fc49596b34c4355dfed1e340dfb559b082d8b4e98fd9baf3026cd2d79dc |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xEC0D | 5748 bytes |
font_01_sfnt_off0000ffa4.bin4fa6bb18b95cf6257b12296ce4b77815ffe8db43820e0c706882e237aefbcf97 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xFFA4 | 10152 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.