Verdict: MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file was flagged as malicious by ML classifiers and ClamAV, indicating a high likelihood of malicious intent. The embedded URL, https://xezojetit.ru/strik?utm_term=mantis+rototiller+won%2527t+start, is likely used to deliver a secondary payload or redirect the user to a phishing site. The document body, though heavily obfuscated, contains text that appears to be a lure related to a 'Mantis rototiller'.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics (4)
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION). ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - https://xezojetit.ru/strik?utm_term=mantis+rototiller+won%2527t+start (PDF link annotation)
Extracted artifacts (3)
Files carved from inside the sample during analysis.

| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000eef3.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xEEF3 | 4600 bytes | 38725e2c2d176b14962d212f8eb8ebac0c86a21233d587636677b6f3ec30e394 |
| font_01_sfnt_off0000fea7.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFEA7 | 10976 bytes | 978e34601ecc4bd244114f4ac84bcf8a79080707b8500ed46d4de6e562bbd0d7 |
| font_02_sfnt_off00012421.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x12421 | 4324 bytes | b50a2106bf82917db0cd3cf88f63c5e8cc3298b343ace5cffc591b35df33d24c |