Verdict: MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The file is a PDF document that contains an embedded URL pointing to a suspicious domain, identified by ClamAV as Pdf.Phishing.Trojan. The ML classifier also flagged this PDF as malicious with high confidence. The document body, though partially corrupted, suggests a lure related to 'Como decorar mi corona de adviento' (How to decorate my Advent wreath), indicating a phishing or social engineering attempt to drive users to the malicious URL.
Machine Learning
- Nyx PDF Classifier malicious score 0.9991
Heuristics (4)
- ClamAV detection [critical] (CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI [info] (PDF_URI): PDF contains an external URL action.
- Object number defined twice with different bodies [info] (PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL [info] (EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
- URL: https://ponafet.ru/strik?utm_term=como+decorar+mi+corona+de+adviento
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000f433.bin (hash: 6fab506b29d83d86eb391758485f183abaaf5cd805570ab3e79e32f7768053b2) | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF433 | 4840 bytes |
| font_01_sfnt_off0001048d.bin (hash: 3aee7bf9b8af37718299b1b4db8b948f9ef6a0930500adf3e7f6f98d322cb9c5) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1048D | 11564 bytes |