MALICIOUS
96
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The file is identified as malicious by ML classifiers and ClamAV, with a high risk score. It contains embedded URLs, one of which, 'https://botokaw.ru/award?keyword=jeffrey+archer+the+new+collected+short+stories+pdf', is presented in the document body, suggesting a phishing or malware lure. No scripts were extracted, but the PDF structure and embedded URIs indicate a malicious intent to redirect users to potentially harmful sites.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://botokaw.ru/award?keyword=jeffrey+archer+the+new+collected+short+stories+pdf
- http://arfesopt.com/cydia_impactor_ispooferiwum8.pdf
- http://tryici.xyz/waterpik_cordless_express_water_flosser_bed_bath_and_beyondpc783.pdf
- https://cdn.sqhk.co/navotezive/jb7ig32/97150442018.pdf
- http://yourbigdick.space/jupiticdm0p.pdf
- http://ehaberdevlet.com/vejibu7wh4s.pdf
- https://cdn.sqhk.co/xuxozowaki/Ggehfgj/photo_to_video_maker_for_pc_without_watermark.pdf
- http://eu-study.ru/adhesive_bonding_processzvc8r.pdf
- http://idealica-italiaofficial.site/boney_m_felicidad2tl25.pdf
- http://lirinevewafa.mypressonline.com/game_show_network_schedule_2021.pdf
- http://voirlo.xyz/free_complimentary_card_templates9q2sg.pdf
- http://manibupefif.mypressonline.com/bootstrap_4_complete_tutorial.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://2080fafa-2491-4ac3-8118-a138f33bff34.filesusr.com/ugd/822ecd_b3ac589b83e445519c899fafd573fdd5.pdf?index=true
- https://201a0bc5-0eb3-4135-8969-828875a6b07d.filesusr.com/ugd/607883_9d3e59131dae46f5a9e4ba0742a502d4.pdf?index=true
- https://4993f9ff-345c-4c03-a8ec-d4f8dac664d6.filesusr.com/ugd/debbe1_f0223f4389c845c38eedc6675f8c724a.pdf?index=true
- http://xedavabawavela.onlinewebshop.net/paul_tillich_systematic_theology.pdf
- http://goguvero.epizy.com/vapakaliz.pdf
- https://7e574f8b-ef34-4833-8dee-b18f3ac9fc91.filesusr.com/ugd/af8ffd_8852a949d9b44b47a5a8382b2e6c6349.pdf?index=true
- http://bijivepiworanoz.rf.gd/suwusonetokekek.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000100f7.binddef692d0a5f8f47b0b1d5e4dd1deeac382c0740a2a8b637cf07ac61bd156383 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x100F7 | 5424 bytes |
font_01_sfnt_off00011384.binb52394e5be006371009a17d2ee9e3ad666ba732ee5e63dd554a4b695eae44801 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x11384 | 10704 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.