Verdict: MALICIOUS
Risk Score: 104
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
Heuristics flag a download-button lure and an embedded URI pointing to a suspicious domain. The ClamAV detection and the ML classification strongly suggest malicious intent, likely phishing or malware distribution. The embedded URL is the primary indicator of a potential download or redirection to a malicious site.
Machine Learning
- Nyx PDF Classifier malicious score 0.9992
Heuristics 5
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 [critical, CLAMAV_DETECTION]: ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- Visual download / call-to-action button lure [low, SE_DOWNLOAD_BUTTON]: Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
- External URI [info, PDF_URI]: PDF contains an external URL action
- Object number defined twice with different bodies [info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL]: The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL [info, EMBEDDED_URL]: One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL reached via PDF link annotation: https://synerhu.ru/pbw?utm_term=windows+10+iso+file+for+virtual+machine
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000f337.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF337 | 5504 bytes | e8576df66274d7463ae6df646624871cbb6de71ad0f720f783529b1291a8e8c0 |
| font_01_sfnt_off000105dc.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x105DC | 10900 bytes | 94ab7ad7b909bda8ad3b46052e6b6a3a5e3321cfc5e587fe98e4e889940a947c |
| font_02_sfnt_off00012b00.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x12B00 | 4324 bytes | d1f4a20f0e35a0564be54678b929bb8c711862c507f070c2b9a6abea8daf4378 |