MALICIOUS (Risk Score: 96)
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The file is a PDF document flagged by ClamAV as Pdf.Phishing.Trojan. The ML classifier also strongly indicated maliciousness. An embedded URI points to a Google feedproxy URL, which in turn likely redirects to a malicious site. While no scripts were explicitly extracted, the PDF format can embed JavaScript, and the presence of a phishing-related detection suggests an attempt to trick the user into visiting a harmful link.
Machine Learning
- Nyx PDF Classifier malicious score 0.9947
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://feedproxy.google.com/~r/sq/ugae/~3/rCno-htTzZk/square?utm_term=cuaderno+de+ejercicios+ingles+sin+barreras
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000f03e.bin 7633cb2666d91ecaf56676194b5d11aab719c2e05b2921abdfe1e4ce073bee25 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF03E | 10848 bytes |
| font_01_sfnt_off0001091a.bin 9d2294e344127da9ddc2b77d68b1576b6b78373885bc9da2859f180a98f2c1e1 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1091A | 16792 bytes |
| font_02_sfnt_off0001212c.bin 60694bc1605e1a3b681ca0d510166099b7803c953b3899a66140339a0d070673 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1212C | 18312 bytes |