MALICIOUS
96
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file was detected as malicious by ML classifiers and ClamAV, indicating a high likelihood of malicious intent. It contains an embedded URL that, when accessed, likely leads to the download of a malicious payload. The document body, though heavily obfuscated, suggests a lure related to interview questions, a common tactic for phishing or malware distribution.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://vilenefex.ru/award?keyword=star+behavioral+interview+questions+and+answers+pdf
- http://kirudikegopoded.sportsontheweb.net/types_of_isomerism_in_coordination_compounds.pdf
- https://cdn.sqhk.co/lokiwejawe/dbhapZu/11044121400.pdf
- https://cdn.sqhk.co/xarozowuzosa/xgfhcgi/fake_caller_application.pdf
- http://mazoxobiziwikut.iblogger.org/61937359278.pdf
- http://gatowixipeba.mywebcommunity.org/91066027794.pdf
- http://kesevosidavob.22web.org/pajevarukuxirukusadasuvuz.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://uploads.strikinglycdn.com/files/47085ffc-d8a2-4ec0-8267-1cb0c7f64d03/wimil.pdf
- https://uploads.strikinglycdn.com/files/86f15474-8ca4-414d-b959-8f8c6ddb971b/munokimapudoxulepugapiwij.pdf
- https://uploads.strikinglycdn.com/files/07499629-e0f8-4bab-87b1-e3eeaf75f1d9/10645884043.pdf
- http://zofududa.rf.gd/81446822010.pdf
- https://uploads.strikinglycdn.com/files/12f3258c-6972-453c-b3c6-8f4c08f6c8ef/81724386512.pdf
- http://jasukapikubov.rf.gd/kagivibubafazet.pdf
- http://difafoj.rf.gd/roland_td-6v_review.pdf
- https://uploads.strikinglycdn.com/files/71ef82fc-c64a-4cd1-b76d-688979a67a82/chick_fil_a_breakfast_filet_nutrition_facts.pdf
- https://uploads.strikinglycdn.com/files/e9807df0-c0c1-46ce-8669-6b48dab3a5ce/what_kind_of_cream_does_dunkin_donuts_use_in_iced_coffee.pdf
- https://uploads.strikinglycdn.com/files/46eb5218-c61d-4993-936a-23bc9118ed20/diccionario_espaol_portugues.pdf
- https://uploads.strikinglycdn.com/files/fa53a0a2-9ce1-4b96-b95d-1924c5c75c33/where_can_i_get_my_bose_wave_repair.pdf
- https://uploads.strikinglycdn.com/files/33ee5ef4-93b4-4ce6-bf21-2acee41ecf38/59656350268.pdf
- http://wazewatiduxuz.epizy.com/92963417050.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000ff1f.bin88ef5cb79814a9c8a929bd638054f0c82f23623c9a38760124352afb6900b36f |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xFF1F | 5652 bytes |
font_01_sfnt_off00011261.bin6525aabd9847ec2541a4a09dda920cfba811e4b0a9610a9a2e61344f3dc312a5 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x11261 | 10980 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.