Verdict: MALICIOUS
Risk Score: 66
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The file is identified as malicious by ClamAV with a signature indicating it is a phishing trojan. The embedded URL `https://jacksth.ru/award?keyword=botanica+oculta+paracelso+pdf+gratis` suggests a lure to download a PDF, likely to deliver a payload or phish for credentials. While no scripts were explicitly extracted, the PDF structure and embedded URIs are indicative of a malicious document designed to trick users into clicking links.
Machine Learning
- Nyx PDF Classifier: clean score 0.0029
Heuristics (4)
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI (info, PDF_URI): PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL https://jacksth.ru/award?keyword=botanica+oculta+paracelso+pdf+gratis (PDF link annotation)
Extracted artifacts 24
Files carved from inside the sample during analysis.