MALICIOUS
Risk Score: 136
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
This PDF file was detected as malicious by ClamAV and an ML classifier. It contains invisible links that lead to a CAPTCHA-themed lure, suggesting a phishing or credential harvesting attempt. One of the embedded URLs, 'https://nipisod.ru/123?utm_term=honda+cb400t+service+manual', is suspicious and likely part of the attack chain.
Machine Learning
- Nyx PDF Classifier malicious score 0.9991
Heuristics 5
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- Invisible PDF links to CAPTCHA-themed web lure (high, PDF_CAPTCHA_LINK_LURE): PDF contains invisible clickable link annotations that point to a CAPTCHA/capcha-themed web path. This is a common phishing and ClickFix-style routing pattern: the PDF itself is inert, while the linked page performs the credential prompt or fake verification.
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - https://nipisod.ru/123?utm_term=honda+cb400t+service+manual (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000e3f8.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE3F8 | 5476 bytes | c3fe1b6d5cfc66266ce1bd935df7cc76f6941fea38a95a5f0b5c34737abe079d |
| font_01_sfnt_off0000f681.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF681 | 10900 bytes | 0a3e5f723d08d4cc92e0c45068b0fb372a347ec1746dbc173b8be4089c231f96 |