MALICIOUS
Risk Score: 116
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The PDF document uses a lure impersonating a signing service, as indicated by the 'SE_DOCUSIGN_LURE' heuristic. It contains an embedded URI pointing to 'dafemum.ru', which is likely a phishing or malware distribution domain. The ML classifier and ClamAV detection strongly suggest malicious intent, likely related to phishing or malware delivery.
Machine Learning
- Nyx PDF Classifier malicious score 0.9996
Heuristics (5)
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Document signing service impersonation lure (medium, SE_DOCUSIGN_LURE): Document impersonates DocuSign, Adobe Sign, or a similar signing service in a signing-request context
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - URL https://dafemum.ru/strik?utm_term=what+does+adobe+acrobat+standard+2017+do (PDF link annotation)
Extracted artifacts (3)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off000114fc.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x114FC | 5296 bytes | 2a3be1f2a5632639e08f662bf0062962f3b5332c1a1a896986604ff6270a5824 |
| font_01_sfnt_off000126ff.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x126FF | 11208 bytes | 652ccd0ddb226059baa7ab6cec5f4e8685ff6b2e1d9fb60c3a75119810517242 |
| font_02_sfnt_off00014d62.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x14D62 | 4324 bytes | 9f355172d696dda274cac500966718f112ce76951f19577ac4888987ea6471b2 |