MALICIOUS
96
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file was flagged by ML classifiers and ClamAV as malicious, specifically as a phishing trojan. It contains numerous embedded URLs, with the primary one being https://jottigo.ru/wix?keyword=lightspeed+zulu+2+manual, suggesting a lure to a malicious site. Although no scripts were explicitly extracted, the PDF structure and embedded URLs indicate a phishing attempt, likely leveraging embedded JavaScript for malicious actions.
Machine Learning
- Nyx PDF Classifier malicious score 0.9997
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://jottigo.ru/wix?keyword=lightspeed+zulu+2+manual
- https://cdn.sqhk.co/zevijevam/djcqyge/skyblock_seed_for_minecraft_pe_2019.pdf
- http://parazepurafeza.medianewsonline.com/cerere_schimbare_permis_auto_2020.pdf
- https://donikigegetala.weebly.com/uploads/1/3/4/3/134311768/9865493.pdf
- http://rijunoje.mygamesonline.org/45084950135.pdf
- http://pifafixejizigu.scienceontheweb.net/como_convertir_un_documento_a_word_en_mac.pdf
- https://rinulokol.weebly.com/uploads/1/3/4/8/134868038/nixes.pdf
- https://xorizelipuv.weebly.com/uploads/1/3/1/6/131637744/nudukonejagu.pdf
- https://cdn.sqhk.co/wigalefu/jhiaZFM/32725775162.pdf
- https://pikotawikeju.weebly.com/uploads/1/3/4/4/134496208/3850987.pdf
- https://sugasukeni.weebly.com/uploads/1/3/4/8/134878852/tunuluno-busekuled-gosuponiwojodab-kiveguvawab.pdf
- https://cdn.sqhk.co/bimolixumotu/jhibXtv/hero_of_archery_hack_mod.pdf
- https://muxetomanudone.weebly.com/uploads/1/3/1/4/131406273/pibomaf.pdf
- http://worameruvejaka.mywebcommunity.org/zawaseke.pdf
- http://lesifipi.22web.org/chemistry_chapter_19_test_answers.pdf
- https://cdn.sqhk.co/foroboreb/jhgghf9/demuberatufuxomevapi.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- http://jijalikutigo.epizy.com/airtel_4g_wifi_hotspot_manual.pdf
- https://952d9f4b-853a-4e85-af28-23c4d489d487.filesusr.com/ugd/8db125_d6050e55eb1c4568b32a2ced49f01bf0.pdf?index=true
- http://suduxegowur.onlinewebshop.net/jefafibiwofojizafadaj.pdf
- https://69868269-04aa-4a0d-8379-1371762fd556.filesusr.com/ugd/d8beff_00164b8c77744a7299c9a1d5096c9135.pdf?index=true
- http://jexaziled.rf.gd/jira_confluence_templates.pdf
- http://kesewoge.rf.gd/86771144624.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000e58c.bin7d688c34809717267441ce7200b5c7139efe47ac38992680705783a4ae96ea5f |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xE58C | 5400 bytes |
font_01_sfnt_off0000f7d3.bined383136d58b059f2362f8f17cdc897436f93ff9ae592363fc3943cfab640963 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xF7D3 | 12456 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.