MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF file was detected as malicious by ClamAV and a machine learning classifier, indicating a high likelihood of malicious intent. The document contains an embedded URL pointing to a suspicious domain, which is likely used to deliver a secondary payload or facilitate phishing. The document body, though heavily obfuscated, suggests a lure related to security policies and device usage, consistent with phishing or social engineering tactics.
Machine Learning
- Nyx PDF Classifier malicious score 0.9997
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://pelibifir.ru/wix?keyword=security+policy+prevents+use+of+camera+note+10
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000f11d.bin 7a9ce8e78381a42945c23a428d1f4c90c6f0fea0d0787ca76ba4dcab132b6604 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF11D | 5500 bytes |
| font_01_sfnt_off000103c6.bin fe06a4d402bc75ee238aff1e3d82864f1a80ab99a1d9f479a734c58893e044fe | pdf-font-stream | PDF embedded font (sfnt) at offset 0x103C6 | 10388 bytes |
| font_02_sfnt_off0001274f.bin ff5f0ef16caf3e97cd1984b3a03ea88e11eab8cf63d2ee006085a4b9995833f3 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1274F | 4324 bytes |