MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The file is a PDF document that contains an embedded URL pointing to a suspicious domain, likely intended to trick the user into downloading further malware or phishing for credentials. The ML classifier and ClamAV detection strongly indicate malicious intent, classifying it as a phishing trojan. No scripts were extracted, but the presence of external URIs suggests a download or redirection attempt.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 [critical, CLAMAV_DETECTION]. ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI [info, PDF_URI]. PDF contains an external URL action.
- Object number defined twice with different bodies [info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL]. The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL [info, EMBEDDED_URL]. One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0001ac46.bin (8ea1617702007e0ef0b1bb42b70f09db69ce1c691f7448ee93d413dc6c890681) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1AC46 | 5496 bytes |
| font_01_sfnt_off0001bed5.bin (dbecade8d81799cd085128c3569fc8349d476eaf8ffedc677067aa4053a298a1) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1BED5 | 16232 bytes |