Verdict: MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The file was detected as malicious by ML classifiers and ClamAV, indicating a high likelihood of malicious intent. It contains an embedded URI pointing to a suspicious domain, likely intended to redirect the user to a phishing or malware distribution site. Although no scripts were explicitly extracted, the PDF structure and embedded URLs suggest a phishing attempt, possibly leveraging embedded JavaScript for redirection.
Machine Learning
- Nyx PDF Classifier: malicious score 0.9997
Heuristics (4)
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URLs:
- https://gimoguvi.ru/wix?keyword=pitching+distance+for+junior+high+softball
- http://gonugotez.22web.org/how_long_does_cuisinart_ice_cream_maker_take.pdf
- http://vladport.ru/how_to_start_a_business_in_texas_checklistrdali.pdf
- http://radogomi.mygamesonline.org/jesamuzurugujemapujunol.pdf
- http://seedcraft.online/data_science_for_dummiesrvog8.pdf
- http://derilezin.sportsontheweb.net/56399415793.pdf
- http://kutegexuwudaro.getenjoyment.net/tatiredenowina.pdf
- http://vataponuxizeliz.mywebcommunity.org/40121060542.pdf
- http://lojapidabud.mypressonline.com/maxilasenab.pdf
- http://reduslimitalia.site/harry_potter_5th_year_timelineubxfp.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://uploads.strikinglycdn.com/files/a674f0da-e949-48ff-8bbb-c6609c1b26a7/signs_a_guy_is_interested_in_you_body_language.pdf
- http://gukutimaguvuzum.onlinewebshop.net/phonetics_exercises_vowels.pdf
- http://liwusetokabozil.epizy.com/charles_aznavour_chansons_formidable.pdf
- https://uploads.strikinglycdn.com/files/df05a184-7d18-43dc-9d55-17178a357db2/19290490705.pdf
- https://uploads.strikinglycdn.com/files/aa71669c-214d-4272-9b05-b430bfcadadc/construct_2_free_version_download_full.pdf
- https://s3.amazonaws.com/donake/ribena_blackcurrant_fruit_drink_nutrition_information.pdf
- http://lawaxisagiwog.atwebpages.com/24990750240.pdf
- https://s3.amazonaws.com/feborobegibew/book_discussion_platform.pdf
- http://kavizerexu.rf.gd/bozanstvena_komedija_raj.pdf
- https://s3.amazonaws.com/mukut/kegagulixevisufi.pdf
- http://zigubogujivo.epizy.com/farinevarivabefibuga.pdf
- http://nekanonesogur.rf.gd/likorodepilu.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts (2)
Files carved from inside the sample during analysis.

| Filename | Hash | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off0000e61d.bin | b6fce254b04a72ae635074bbd606e2c46e4703fcf0969bc6b5ecbcea515919e2 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE61D | 5500 bytes |
| font_01_sfnt_off0000f8d1.bin | 3b93eef0728eecfe5a7abfb8a8be1a15371f548295aed2753aace10dab958dc2 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF8D1 | 10744 bytes |