Risk Score: 96 (MALICIOUS)
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The file is a PDF document flagged by multiple heuristics and a machine learning classifier as malicious, with ClamAV identifying it as a phishing trojan. It contains an embedded URI pointing to 'https://jumiwimov.ru/123?utm_term=ardy+cloak+1+guide', which is a strong indicator of a phishing or malware distribution attempt. The document body, though heavily obfuscated, contains text fragments that suggest it is intended to be a guide, likely a lure.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://jumiwimov.ru/123?utm_term=ardy+cloak+1+guide
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000e92a.bin 0f48932dbf6d885bd0d21453516da051475e3b08656186f4ad2dbdc5f3866d06 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE92A | 5136 bytes |
| font_01_sfnt_off0000fac3.bin 029cfb7c234a2bc22debbdfa3852c1739763809d7d7e3ad79352c3d252bcea45 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFAC3 | 10536 bytes |