Verdict: MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file was flagged by ML classifiers and ClamAV as malicious, indicating a high likelihood of malicious intent. It contains an embedded URI pointing to 'fokemale.ru', which is likely used to redirect the user to a phishing or malware distribution site. The document body, though heavily obfuscated, suggests a lure related to 'A clash of kings bookscool', reinforcing the phishing pretext.
Machine Learning
- Nyx PDF Classifier malicious score 0.7559
Heuristics (4)
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted URLs:
- https://fokemale.ru/strik?utm_term=a+clash+of+kings+bookscool
- https://ximesadi.weebly.com/uploads/1/3/0/9/130969353/nuwigogeru.pdf
- https://juwizezajofop.weebly.com/uploads/1/3/1/6/131637218/4768808.pdf
- https://wesuzekubiw.weebly.com/uploads/1/3/1/6/131607103/votenibilo.pdf
- http://dewisazovuvoxi.mywebcommunity.org/living_in_harmony_with_nature_definition.pdf
- http://xazowagef.mypressonline.com/39842342358.pdf
- http://wulutapebime.getenjoyment.net/silepusavaxupat.pdf
- http://linunewilut.mywebcommunity.org/official_gre_verbal_reasoning_practice_questions_free_download.pdf
- http://rekijiwowak.scienceontheweb.net/99859907713.pdf
- http://xawegap.mywebcommunity.org/powerex_mh-c9000_manuale_italiano.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- http://xarujubapemir.epizy.com/intranasal_midazolam_guideline.pdf
- http://wufikemofumop.atwebpages.com/fenikutogimapukuzutisa.pdf
- http://gamuxazibosiko.rf.gd/how_to_troubleshoot_submersible_pump.pdf
- https://f87ce62f-3d5d-4c42-bff3-2e7d00444551.filesusr.com/ugd/72ed28_379fd1f2d9aa47d8b86bc9c36c791390.pdf?index=true
- https://f0f855fd-29d2-4bf6-9fdd-af1de8d1f91d.filesusr.com/ugd/184831_15ea37b000204250aa67981f501cb9d2.pdf?index=true
- http://koradanizepagow.myartsonline.com/bosch_serie_4_dryer_manual.pdf
- http://gotuwutusefaw.epizy.com/black_and_decker_edger_manual.pdf
- http://tamikukezinubi.rf.gd/faravazimonikesewovum.pdf
- http://wulibazosuxib.onlinewebshop.net/88461657307.pdf
- https://254a6a59-343e-4b7e-907c-c4819e171fff.filesusr.com/ugd/decf6f_e4e6c7fd97a24dbc8843b59d7a6ad9b8.pdf?index=true
- http://nojavunol.epizy.com/dupuwaperasita.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts (2)
Files carved from inside the sample during analysis.

| Filename | Hash | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off00097e6c.bin | 72aa5496ab283946ec3f0e520985b1514c4c70759fcc79b26f96847bdc322631 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x97E6C | 5240 bytes |
| font_01_sfnt_off00099055.bin | e9d1f7a977a1d501225d614b5622e5efa636430bd15af5cbad01ad91f306aa71 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x99055 | 10684 bytes |