MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file was flagged by ML classifiers and ClamAV as malicious, specifically as a phishing trojan. It contains an embedded URI pointing to a suspicious domain, which is likely part of a phishing or malware distribution scheme. The document body, though heavily obfuscated, suggests a lure related to "Benin culture" to entice users to click the malicious link.
Machine Learning
- Nyx PDF Classifier malicious score 0.9997
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://xezojetit.ru/award?keyword=benin+culture+pdf
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000d778.bin 06e922a0e8dcf94a44e6ea274247ba1ef4042eb269e061da547a8ad928954b09 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xD778 | 4812 bytes |
| font_01_sfnt_off0000e7e7.bin a562911ca13f177f0516718e303007f32ec56838731d04b3cb785a542765250f | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE7E7 | 10400 bytes |