MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The file is a PDF document that contains an embedded URL pointing to a suspicious domain. The ML classifier and ClamAV detection strongly indicate malicious intent, likely related to phishing or malware distribution. The document body, though heavily obfuscated, suggests a lure related to exam preparation materials, aligning with common social engineering tactics.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics (4)
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://kuzutuzo.ru/strik?utm_term=pmp+exam+prep+rita+mulcahy+9th+edition+pdf+free+download
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000f6f1.bin (dcc21693092e83284fb1a6cfff3de611b58ac9789edbccab2b9dac22db2497f0) | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF6F1 | 5636 bytes |
| font_01_sfnt_off00010a13.bin (04ba342b6a4261f00b24fc49f626190f83c5048ebcd39dd9c346bf0b000acd1c) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10A13 | 11644 bytes |