MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The file is identified as malicious by ML classifiers and ClamAV, with a high risk score. It contains an embedded URI pointing to a suspicious domain, likely intended to deliver a payload or phish for credentials. The document body, though heavily obfuscated, suggests a lure related to 'Bss telecom pdf'. No scripts were extracted from this sample, but the presence of external URIs and the overall malicious verdict strongly indicate a phishing or malware distribution attempt.
Machine Learning
- Nyx PDF Classifier malicious score 0.8606
Heuristics (4)
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 [critical] CLAMAV_DETECTION: ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI [info] PDF_URI: PDF contains an external URL action
- PDF differential parser failed [info] PDF_DIFFERENTIAL_PARSE_FAILED: The cross-check parser (pdfminer.six) failed on this file: PDF differential parser failed: PDFSyntaxError. Static heuristics still ran and any of their findings above are valid; only the differential cross-check signal is missing.
- Embedded URL [info] EMBEDDED_URL: One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL
- https://dugedepap.ru/award?keyword=bss+telecom+pdf
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00012e36.bin (c46e3520ae98b1577cf6370e5c958324e0059f0a113a495f98b581392f7ab0e9) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x12E36 | 5044 bytes |
| font_01_sfnt_off00013f58.bin (4faab3c5e22ca872f70446f4ec01d5029b175e59a646b9547700787bc7fb2822) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x13F58 | 11104 bytes |