Verdict: MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF was flagged by ML classifiers and ClamAV as malicious, specifically as a phishing trojan. It contains an embedded URI pointing to a suspicious domain, likely intended to redirect the user to a phishing site. The document body is heavily obfuscated and contains metadata indicating it was generated by wkhtmltopdf, suggesting it may be a crafted lure.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000e809.bin 82ef2c91950fd5b708f592453c85ec6cb691d56cd72b2d41aa843c4ab7b9f92a | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE809 | 5288 bytes |
| font_01_sfnt_off0000f9df.bin d920260a3bfaed73df5661ddefc1e8cf4b707b69664d0ba89eeb239d7946888c | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF9DF | 11696 bytes |