MALICIOUS
96
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The file is a PDF document flagged by ClamAV as Pdf.Phishing.Trojan and ML classifiers. It contains an embedded URL pointing to a suspicious domain, likely intended to trick the user into visiting a malicious site. No scripts were extracted, but the presence of an external URI and the overall detection suggest a phishing or credential harvesting attempt.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://golowaki.ru/123?utm_term=ceramic+capacitor+application+guide
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://uploads.strikinglycdn.com/files/3eed1004-d8e6-4668-ad15-c9ab32f87736/nunumegiga.pdf
- https://uploads.strikinglycdn.com/files/1fe16c7f-1b2d-4122-b73c-68d9d0e13406/lusabijujebinexajewijoli.pdf
- https://s3.amazonaws.com/lupebesu/the_dead_room_imdb_parents_guide.pdf
- https://s3.amazonaws.com/vinejivunitego/atualizar_android_no_mxq_4k.pdf
- https://s3.amazonaws.com/xupizewuxere/97894962965.pdf
- https://uploads.strikinglycdn.com/files/6473cec7-ee84-42fa-8eb0-0f6a2cd4b61e/kixem.pdf
- https://uploads.strikinglycdn.com/files/22b276c4-3a36-4f76-bce6-2c30d7dca0f3/gakopera.pdf
- https://s3.amazonaws.com/vesubodufisi/36807775025.pdf
- https://s3.amazonaws.com/mubemutolewe/little_house_on_the_prairie_season_3_episode_24.pdf
- https://uploads.strikinglycdn.com/files/0f26253e-7f6b-41f3-ada6-5b9386fdd9a9/whats_healthy_at_buffalo_wild_wings.pdf
- https://uploads.strikinglycdn.com/files/b5406448-e578-4889-9897-6f0556f5217e/how_to_reset_a_gatehouse_lock.pdf
- https://uploads.strikinglycdn.com/files/25f65703-4da6-434c-a450-e8ce8e4835a5/20327664113.pdf
- https://uploads.strikinglycdn.com/files/a38f311e-9301-4257-ac8d-c0af4aa162d8/3809301406.pdf
- https://s3.amazonaws.com/kotenu/zemagivudisaxebonegiti.pdf
- https://s3.amazonaws.com/fowonaxul/74605653078.pdf
- https://uploads.strikinglycdn.com/files/0ff80c80-6e41-45d7-94a6-d4601b619f95/neil_gaiman_book_list_in_order.pdf
- https://uploads.strikinglycdn.com/files/e6d60468-18e0-4f13-b255-0ba4966adc83/29479694534.pdf
- https://s3.amazonaws.com/sizabo/journal_bearing_book.pdf
- https://uploads.strikinglycdn.com/files/b3c9f1cb-ef38-45b7-b94d-9937d21762e3/ruxunezi.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00012177.binc138b6b43b9119365b036d72ce56f7aadfb0d098ec65f19f2135be19af2488cd |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x12177 | 5120 bytes |
font_01_sfnt_off000132c3.bin3bbc4b4d6379c547e2bc2b4321087f3a0c3178e9012eda4822e3d168ce2414d8 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x132C3 | 11140 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.