Verdict: MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The PDF was classified as malicious by the ML classifier (Nyx PDF Classifier, score 0.9998) and by ClamAV (a Pdf.Phishing.Trojan signature). The extracted URLs and the document body point to a phishing lure themed as a Vizio TV update; the lead URL carries the query keyword "vizio d24-d1 update". The redirect mechanism actually observed is a URI action (PDF_URI), not a script: no JavaScript was extracted, so the T1059.007 mapping reflects the format's ability to carry JavaScript rather than any recovered code. The file also defines one indirect object number twice with different bodies, so a first-wins reader and a last-wins reader need not render the same content.
Machine Learning
- Nyx PDF Classifier: malicious score 0.9998
Heuristics (4)
- ClamAV (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0.
- External URI (info, PDF_URI): the PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): the same indirect object (N G) is defined more than once with different body bytes. A first-wins reader and a last-wins reader will resolve different content, a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): one or more URLs were extracted from the document. The URL itself is not a detection; the per-URL labels record which channel (macro, JS, link annotation, document body, ...) reached each URL. Note that the last seven entries in the list below (w3.org, purl.org, ns.adobe.com, scripts.sil.org/OFL) are XMP namespace identifiers and the SIL Open Font License URL carried in font metadata, not lure links, and the ascendercorp.com entries are likely font-vendor strings as well.
Extracted URLs:
- https://bologen.ru/wix?keyword=vizio+d24-d1+update
- https://cdn.sqhk.co/mudifuto/Dwjalbv/62827210428.pdf
- https://cdn.sqhk.co/virurewev/ibjjp69/call_of_duty_warzone_download_ps4.pdf
- https://cdn-cms.f-static.net/uploads/4482858/normal_5fda1b0c645d1.pdf
- https://cdn.sqhk.co/jufijejebu/hfjcOuy/zagojo.pdf
- https://cdn-cms.f-static.net/uploads/4386829/normal_60508ccea9be5.pdf
- https://cdn.sqhk.co/nuxezitowefi/fiaBOGP/drastic_ds_emulator_apk_patched.pdf
- https://static.s123-cdn-static.com/uploads/4476434/normal_5fcd402bd9f9d.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://eaae50f7-3b1c-4f1b-9b3c-e2a48377569d.filesusr.com/ugd/b96e41_0e6431a0bf0441f885af9bdc40dbf5a0.pdf?index=true
- https://uploads.strikinglycdn.com/files/4756cbd6-49d8-46dd-bf92-bef23ffe9422/surikedagapigeguna.pdf
- https://3df06c22-1e8a-4082-8cc2-a0fdc0609706.filesusr.com/ugd/d86e81_d06f8c9c6e1b441a8a88a5524d4386c1.pdf?index=true
- https://uploads.strikinglycdn.com/files/5054bff8-d966-402e-94db-33cfc95cef56/pexafunodivanez.pdf
- https://s3.amazonaws.com/dadupawo/notificationcompat_android_import.pdf
- https://uploads.strikinglycdn.com/files/f2b0e012-0454-45ff-8155-44a7efae3f0e/94289703021.pdf
- https://s3.amazonaws.com/patilawasu/cacfp_enrollment_form_ny.pdf
- https://247e77cc-5367-4382-8586-7c5891409f42.filesusr.com/ugd/2dbf5a_6bf432b02e2b4d748463239a6bd4eec9.pdf?index=true
- https://e1eccfe9-8888-4f52-a155-e9c8e84e0752.filesusr.com/ugd/4fb05f_fe08c2a34ed84b988f770fd5d3f4095e.pdf?index=true
- https://s3.amazonaws.com/zabevog/post_office_verify_app_for_android.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
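The PDF_URI and PDF_DUPLICATE_OBJ_BODY_INCREMENTAL heuristics above can be reproduced with a short scanner. The following is an added example written for this page, not the analyzer's own code: it walks every `N G obj ... endobj` definition in file order, extracts the target of each /S /URI action, groups definitions by object number and generation, reports duplicates whose bodies differ, raises severity only when one copy carries an active-content key, and shows what a first-wins and a last-wins reader would each resolve. The sample PDF, its object numbers and the `lure.invalid` URL are constructed; cross-reference tables are omitted, and only literal-string /URI operands (not hex strings) are handled.

```python
import re

# One indirect object definition, "N G obj ... endobj". The lookbehind stops a match
# from starting inside a number (the "0 0 obj" inside "10 0 obj").
OBJ_RE = re.compile(rb"(?<![0-9])(\d+)\s+(\d+)\s+obj\b(.*?)endobj", re.S)
# Literal-string operand of a /URI key ("/URI (http://...)"); hex strings are not handled.
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)", re.S)
# Keys whose presence makes an object active content rather than plain metadata.
ACTIVE_RE = re.compile(rb"/(JavaScript|JS|Launch|URI|OpenAction|AA|SubmitForm|GoToR)\b")


def iter_objects(pdf):
    """Yield (num, gen, body, offset) for every object definition, in file order."""
    for m in OBJ_RE.finditer(pdf):
        yield int(m.group(1)), int(m.group(2)), m.group(3).strip(), m.start()


def find_duplicate_objects(pdf):
    """Objects defined more than once with differing bodies, keyed by (num, gen).

    Severity stays 'info' for a body-only change (the benign incremental-update shape)
    and is raised to 'warning' only when one of the copies carries active content.
    """
    bodies = {}
    for num, gen, body, _ in iter_objects(pdf):
        bodies.setdefault((num, gen), []).append(body)
    dups = {}
    for key, defs in bodies.items():
        if len(defs) > 1 and len(set(defs)) > 1:
            active = any(ACTIVE_RE.search(b) for b in defs)
            dups[key] = {"count": len(defs), "first": defs[0], "last": defs[-1],
                         "active": active, "severity": "warning" if active else "info"}
    return dups


def resolve(pdf, num, gen, policy="last"):
    """Body that a first-wins or last-wins reader would use for object (num, gen)."""
    defs = [b for n, g, b, _ in iter_objects(pdf) if (n, g) == (num, gen)]
    if not defs:
        return None
    return defs[0] if policy == "first" else defs[-1]


def extract_uri_actions(pdf):
    """(num, gen, url) for every /S /URI action, one entry per object definition."""
    found = []
    for num, gen, body, _ in iter_objects(pdf):
        if re.search(rb"/S\s*/URI\b", body):
            for m in URI_RE.finditer(body):
                found.append((num, gen, m.group(1).decode("latin-1")))
    return found


def run_heuristics(pdf):
    """Findings in the (id, severity, detail) shape used by the report above."""
    findings = []
    uris = extract_uri_actions(pdf)
    if uris:
        findings.append(("PDF_URI", "info", "%d external URL action(s)" % len(uris)))
    for (num, gen), d in sorted(find_duplicate_objects(pdf).items()):
        findings.append(("PDF_DUPLICATE_OBJ_BODY_INCREMENTAL", d["severity"],
                         "object %d %d defined %d times" % (num, gen, d["count"])))
    return findings


# Constructed sample, not the file analysed above. Cross-reference tables are omitted
# because this scanner works on object syntax alone; a real reader would need them.
ORIGINAL = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
    b"2 0 obj\n<< /Type /Pages /Kids [3 0 R] /Count 1 >>\nendobj\n"
    b"3 0 obj\n<< /Type /Page /Parent 2 0 R /Annots [4 0 R] >>\nendobj\n"
    b"4 0 obj\n<< /Type /Annot /Subtype /Link /Rect [0 0 100 20]\n"
    b"   /A << /S /URI /URI (https://example.com/manual.pdf) >> >>\nendobj\n"
    b"5 0 obj\n<< /Producer (constructed) >>\nendobj\n"
    b"trailer\n<< /Root 1 0 R /Info 5 0 R >>\n%%EOF\n"
)
# Incremental update appended after %%EOF: object 5 changes only metadata (the benign
# shape); object 4 is redefined so that a last-wins reader follows a different link.
UPDATE = (
    b"5 0 obj\n<< /Producer (constructed) /ModDate (D:20240101000000) >>\nendobj\n"
    b"4 0 obj\n<< /Type /Annot /Subtype /Link /Rect [0 0 100 20]\n"
    b"   /A << /S /URI /URI (http://lure.invalid/update) >> >>\nendobj\n"
    b"trailer\n<< /Root 1 0 R /Info 5 0 R >>\n%%EOF\n"
)
SAMPLE = ORIGINAL + UPDATE

if __name__ == "__main__":
    for finding in run_heuristics(SAMPLE):
        print(*finding)
    print("first-wins:", resolve(SAMPLE, 4, 0, "first"))
    print("last-wins: ", resolve(SAMPLE, 4, 0, "last"))
```

On the constructed sample the two duplicates come out differently: object 5 (a /Producer string gaining a /ModDate) stays at info, while object 4 (a link annotation whose /URI changes between the original body and the update) is raised because it carries an action. That severity rule is the point of the heuristic: an incremental save that touches metadata is ordinary, the same shape applied to an annotation action is not, and which URL a user actually follows depends on whether their reader honours the first or the last definition.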
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | SHA-256 | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off0000fe40.bin | 001ccfeeb5a5a23452f5608c59b25c379c58481587a17231e8ef51c815481d34 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFE40 | 4968 bytes |
| font_01_sfnt_off00010f5a.bin | 146495dfa0a0f1c40a16cb695e17f92c7d89c5a11dbcc634f939a659d44d63f3 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10F5A | 10364 bytes |
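The artifact table above can be reproduced by carving font streams directly. The code below is an added example for this page, not the analyzer's own carving routine: it finds every stream object, decodes FlateDecode streams, keeps those whose decoded bytes begin with an sfnt signature, and emits filename, digest, kind, source and size in the table's shape. It assumes a direct /Length value, FlateDecode as the only filter, that the offset reported is the file offset of the first raw (still encoded) stream byte, and that the 64-hex digest in the table is SHA-256; `FAKE_SFNT`, `stream_object` and the sample PDF are constructed, and the "font" is only a TrueType-shaped header, not a usable font.

```python
import hashlib
import re
import zlib

# Signatures at offset 0 of an sfnt container: TrueType 1.0, Apple 'true', CFF 'OTTO', collection.
SFNT_MAGICS = (b"\x00\x01\x00\x00", b"true", b"OTTO", b"ttcf")
OBJ_RE = re.compile(rb"(?<![0-9])(\d+)\s+(\d+)\s+obj\b(.*?)endobj", re.S)
STREAM_KW = re.compile(rb"stream\r?\n")
# Direct /Length only; an indirect "/Length 7 0 R" would need object resolution (assumption).
LENGTH_RE = re.compile(rb"/Length\s+(\d+)(?!\s+\d+\s+R)")


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def carve_sfnt_fonts(pdf):
    """One record per stream whose decoded bytes start with an sfnt signature.

    Offset is the file offset of the first raw (still encoded) stream byte; size and
    hash are taken over the decoded bytes, which is what would be written to disk.
    """
    artifacts = []
    for m in OBJ_RE.finditer(pdf):
        body = m.group(3)
        kw = STREAM_KW.search(body)
        if not kw:
            continue  # no stream in this object
        header = body[:kw.start()]
        length = LENGTH_RE.search(header)
        if not length:
            continue
        start = m.start(3) + kw.end()
        raw = pdf[start:start + int(length.group(1))]
        try:
            data = zlib.decompress(raw) if b"/FlateDecode" in header else raw
        except zlib.error:
            continue  # corrupt Flate data; an analyser would flag this separately
        if not data.startswith(SFNT_MAGICS):
            continue
        idx = len(artifacts)
        artifacts.append({
            "filename": "font_%02d_sfnt_off%08x.bin" % (idx, start),
            "sha256": sha256_hex(data),
            "kind": "pdf-font-stream",
            "source": "PDF embedded font (sfnt) at offset 0x%X" % start,
            "size": len(data),
            "offset": start,
            "object": (int(m.group(1)), int(m.group(2))),
        })
    return artifacts


def stream_object(num, dict_body, data):
    """Serialise 'N 0 obj << ... /Length n >> stream ... endstream endobj'."""
    return (b"%d 0 obj\n<< %s /Length %d >>\nstream\n" % (num, dict_body, len(data))
            + data + b"\nendstream\nendobj\n")


# Constructed sample. FAKE_SFNT is only a TrueType-shaped header (sfnt version 1.0,
# one table record for 'head') padded to 64 bytes; it is not a usable font.
FAKE_SFNT = (b"\x00\x01\x00\x00" + b"\x00\x01" + b"\x00\x10\x00\x00\x00\x00"
             + b"head" + b"\x00" * 12).ljust(64, b"\x00")
COMPRESSED_FONT = zlib.compress(FAKE_SFNT)
CONTENT = zlib.compress(b"BT /F1 12 Tf 72 720 Td (Update available) Tj ET")
SAMPLE = (b"%PDF-1.4\n"
          b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
          + stream_object(4, b"/Filter /FlateDecode", CONTENT)  # page content, skipped
          + stream_object(5, b"/Filter /FlateDecode /Length1 %d" % len(FAKE_SFNT), COMPRESSED_FONT)
          + stream_object(6, b"", b"hello")  # uncompressed non-font stream, skipped
          + b"trailer\n<< /Root 1 0 R >>\n%%EOF\n")

if __name__ == "__main__":
    for a in carve_sfnt_fonts(SAMPLE):
        print(a["filename"], a["sha256"], a["kind"], a["source"], a["size"], "bytes")
```

Hashing the decoded bytes rather than the raw stream is deliberate: two PDFs can embed the same font with different Flate settings, and it is the decoded file that gets compared against font corpora or shared as an indicator. Carved fonts from a phishing PDF are usually just the fonts the lure was typeset in, but a font stream that fails to decode, or decodes to something that is not an sfnt at all, is worth a second look because font parsers are a well-known attack surface.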