MALICIOUS
96
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file was flagged by ML classifiers and ClamAV as malicious, specifically as a phishing trojan. It contains an embedded URI pointing to 'fokemale.ru', which is likely a malicious domain used to host phishing content or distribute further malware. The document body, though heavily obfuscated, references a movie title, suggesting a lure to entice users to click on the malicious link.
Machine Learning
- Nyx PDF Classifier malicious score 0.9995
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://fokemale.ru/123?utm_term=blade+runner+movie++in+tamilrockers PDF link annotation
- https://cdn-cms.f-static.net/uploads/4417213/normal_5fd1636377938.pdfIn PDF document text
- https://static.s123-cdn-static-d.com/uploads/4426830/normal_60b6a096a61a5.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4408180/normal_60656c3b6c668.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4380543/normal_605173f1b38e9.pdfIn PDF document text
- http://www.ascendercorp.com/In PDF document text
- http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
- http://fedorahosted.org/lohitIn PDF document text
- https://uploads.strikinglycdn.com/files/a60b0663-f6d9-4522-8aa2-fd30de5e677d/commonly_confused_words_practice_worksheet_answers.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/790f623a-1826-408c-b1d4-3777c2c1ee79/paint.net_export_as.pdfIn PDF document text
- http://kipizasuzeda.pbworks.com/f/gre_practice_exam_with_answers.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/9a58dfaf-cb62-4392-a3fc-c82305bded80/80929417136.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/0377ce3c-5d79-4783-ae98-6a75812e6acd/why_isnt_my_samsung_sound_bar_working.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/2cdabb60-bab1-47f9-91b8-3dd51297e805/go_math_grade_5_chapter_8_answer_key.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/7dbf5eaf-25e5-4d49-8537-8b477f896e0e/10031503211.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/5d3a6685-0ebe-4925-aaac-82b20f846441/moccamaster_kbg_741_review.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/f57e489b-f5e0-4993-aee7-a99486fea6bf/xijumelov.pdfIn PDF document text
- http://zalonuzojeru.pbworks.com/w/file/fetch/144449883/26823690932.pdfIn PDF document text
- http://gafuxexosaru.pbworks.com/w/file/fetch/144549918/is_hustlers_on_netflix_australia.pdfIn PDF document text
- http://nidibewuzi.pbworks.com/f/tesevevokimanesodedopin.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/d2ba7194-aaca-47fc-a8d3-c0d44fc88be5/64979479398.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/938bd0a3-0de9-461a-91ba-3bd255dfad32/m-audio_fast_track_usb_mkii.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/09997ddc-09a4-4384-9de0-e6d4ccd0090d/whirlpool_gold_refrigerators.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/064c9576-2fa5-466f-94fa-c18e8c9362f2/descargar_geometry_dash_mod_apk_2.11.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/7c9e4405-f2f9-48ac-b00d-e000204279b9/29864581078.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/4ed0ca71-c630-4c4e-8854-bf8a4a83b984/vozixuru.pdfIn PDF document text
- http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
- http://purl.org/dc/elements/1.1/In PDF document text
- http://ns.adobe.com/pdf/1.3/In PDF document text
- http://ns.adobe.com/xap/1.0/In PDF document text
- http://ns.adobe.com/xap/1.0/mm/In PDF document text
- http://ns.adobe.com/xap/1.0/rights/In PDF document text
- http://scripts.sil.org/OFLIn PDF document text
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000fd30.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xFD30 | 5256 bytes |
SHA-256: 249f421ad3a28855709d824ceaa8f583c2df51d439ab967f68e198b59a32d01f |
|||
font_01_sfnt_off00010f01.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x10F01 | 3416 bytes |
SHA-256: 1bb8711a3264a4ee27a694591ca304dba520aa2dd4cbeeb8979e88d84d7a3161 |
|||
font_02_sfnt_off00011c13.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x11C13 | 12372 bytes |
SHA-256: 26a18bde95c4573fccb11b613f8f351f9e8c6d239144231f07f45eb0c961c5db |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.