MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The PDF file contains an embedded URL that redirects to a malicious domain, likely intended to phish user credentials or deliver a payload. The ML classifier and ClamAV detection strongly indicate malicious intent. The document body, though heavily obfuscated, suggests a lure related to search results or order documents.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics (4)
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000c7df.bin 32ddaefc60fd30ffee359a4b432d1ec8045aa19c3c5b98465081669af4eb2aaf | pdf-font-stream | PDF embedded font (sfnt) at offset 0xC7DF | 5576 bytes |
| font_01_sfnt_off0000daca.bin 6630a78ebf7053ceae87923063788ff12a79c3a95376a43f35f7bbead7e4bee5 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xDACA | 10428 bytes |