Verdict: MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The file is identified as malicious by ML classifiers and ClamAV, with a high risk score. It contains an embedded URI pointing to a suspicious domain, 'kuzutuzo.ru', which is likely used to host a phishing page or distribute malware. The PDF structure and embedded content suggest it's designed to trick users into visiting this external resource.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics (4)
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://kuzutuzo.ru/wix?keyword=margaritaville+tahiti+manual
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Hash | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off00010014.bin | 30389db9a58a6c04185d926938e2fa4db3f6288279bc2b5221b3385a824c003d | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10014 | 4984 bytes |
| font_01_sfnt_off000110ef.bin | 576c6c6ba993763db1a18ebbbc382132bcb1c6e04de0aca606a56bcc713512b3 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x110EF | 12744 bytes |