Verdict: MALICIOUS (Risk Score 96)
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The file is a PDF document detected by ClamAV as Pdf.Phishing.Trojan. It contains an embedded URI pointing to a suspicious domain, 'bologen.ru', which is likely part of a phishing or malware distribution scheme. The document body is heavily obfuscated, but the presence of PDF-specific heuristics and the external URI strongly suggest an attempt to redirect the user to a malicious site.
Machine Learning
- Nyx PDF Classifier malicious score 0.9993
Heuristics (4)
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 [critical, CLAMAV_DETECTION]. ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI [info, PDF_URI]. PDF contains an external URL action.
- Object number defined twice with different bodies [info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL]. The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL [info, EMBEDDED_URL]. One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://bologen.ru/wix?keyword=genetics+problem+set+%25231+mendelian+genetics+answers
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Hash | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off0000d20e.bin | c01001cc6de88e35fa6f569940a131d4a323a0d19438afa02b1bbe764d1e73e3 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xD20E | 5040 bytes |
| font_01_sfnt_off0000e31e.bin | 0078f4481128832d4488154bb792e76556ffe9c532dda31093092fdd1ff071a4 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE31E | 11176 bytes |