Verdict: MALICIOUS
Risk Score: 104

Malware Insights

MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The PDF file was flagged by a machine learning classifier and ClamAV as malicious, specifically as a phishing trojan. It contains an embedded URL that leads to a domain associated with malicious activity, likely serving as a lure for users to download further malware. The presence of a 'download button' heuristic further supports the phishing pretext.
Machine Learning
- Nyx PDF Classifier malicious score 0.6787
Heuristics (5)
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 [critical, CLAMAV_DETECTION]: ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Visual download / call-to-action button lure [low, SE_DOWNLOAD_BUTTON]: Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
- External URI [info, PDF_URI]: PDF contains an external URL action
- Object number defined twice with different bodies [info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL]: The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL [info, EMBEDDED_URL]: One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. Extracted URLs, with the channel that reached each in parentheses:
- https://mezovuduw.ru/strik?utm_term=black+panther+movie+download+in+tamil+dubbed+hd+720p (PDF link annotation)
Extracted artifacts (9)
Files carved from inside the sample during analysis.

| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off00018183.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x18183 | 7696 bytes | d57dce2757a77e73366127df4db565f2944a7243398d13dfa92f80e4e2780b8d |
| font_01_sfnt_off000195be.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x195BE | 5776 bytes | eb615c3bf074d35e3f23b29d9ae022551fdd2365072ec24f7b289ed1a17f74d0 |
| font_02_sfnt_off0001a93d.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1A93D | 7168 bytes | 672f570a782b9e20439b0f0046db1139cdc80e19c515daee7438b346ead9c554 |
| font_03_sfnt_off0001be0a.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1BE0A | 3720 bytes | d0c9e33916e9e64e42e31bcf0d345f6c2fcd41735b1a34df0119bd0eb1094281 |
| font_04_sfnt_off0001c966.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1C966 | 3264 bytes | a1c9d367a6b48691f08a48ecb14646aeee528cb4ecfe3e5f583a9a3fe5cc9e8f |
| font_05_sfnt_off0001d68a.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1D68A | 15084 bytes | aa3d87a7dd18045bd3abeec2a67e66f2a94a93e2a9484130e3639fd5424a2b09 |
| font_06_sfnt_off0002053d.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x2053D | 16440 bytes | f39c8bd5c1fb434d77eebc2a27255ac1f7a6c44285a314beeac0a71bd112cf7d |
| font_07_sfnt_off00021b86.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x21B86 | 4324 bytes | b50a2106bf82917db0cd3cf88f63c5e8cc3298b343ace5cffc591b35df33d24c |
| font_08_sfnt_off00022990.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x22990 | 6672 bytes | 15e5c2ea1add9086bbbbe1b2262a98a39744c29589d2b0715c518e98940f18ea |