MALICIOUS
96
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file contains heuristics indicating an external URI and embedded URLs, with the primary URL being `https://maypoin.ru/wix?keyword=breadman+bread+machine+manual`. The ML classifier and ClamAV detection strongly suggest malicious intent, likely phishing or malware distribution. Although no scripts were explicitly extracted, the PDF structure and embedded URI point towards a social engineering attack aiming to redirect the user to a malicious site.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://maypoin.ru/wix?keyword=breadman+bread+machine+manual
- https://static.s123-cdn-static.com/uploads/4424645/normal_5ff4e902d8211.pdf
- https://cdn.sqhk.co/piravasufinu/ehbJIig/91801707174.pdf
- https://cdn.sqhk.co/pigujoxexate/Xs5Pj6M/1548688832.pdf
- https://cdn-cms.f-static.net/uploads/4365621/normal_600d0b06f322c.pdf
- http://dimozakebaba.scienceontheweb.net/sat_reading_comprehension_practice.pdf
- https://cdn.sqhk.co/kozutani/gjwp0uD/dragon_boat_race_ielts_listening_answers.pdf
- http://fadewujetenuve.mywebcommunity.org/australian_blueprint_for_career_development.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://uploads.strikinglycdn.com/files/b01b60ea-b6c6-4428-b23f-05ddc8e19ba6/2_5_10_times_tables_and_division_worksheets.pdf
- https://uploads.strikinglycdn.com/files/5e53d8bb-268a-4e06-a650-c5252bfdbba6/xuzug.pdf
- https://uploads.strikinglycdn.com/files/247b5a78-060f-4dd9-8d2e-538ab1366167/titulos_de_credito_publicos_y_privados_ejemplos.pdf
- https://uploads.strikinglycdn.com/files/2ac2240c-e1b6-4382-b303-9a3921b7f79b/fadubize.pdf
- https://s3.amazonaws.com/putelekireza/transition_words_in_spanish.pdf
- https://uploads.strikinglycdn.com/files/10a43c7f-90d7-49b2-a8ca-2e7f838ab800/a_series_of_unfortunate_events_book_1_chapter_summaries.pdf
- https://s3.amazonaws.com/nolarifaforuxop/destiny_2_armor_2._0_guide.pdf
- http://bajupigirosinaf.atwebpages.com/futirofekaxabuzolup.pdf
- https://uploads.strikinglycdn.com/files/d56920b3-793a-49f4-af23-12bb61422b3f/weber_spirit_2_e310_cover.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000f29f.binbc8c989e3294ee319e3f5502bbfa30d873dfda5fe8e49c6f2019a2dc32aa6103 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xF29F | 5192 bytes |
font_01_sfnt_off00010417.bin9333d9c7fa816f518f0e8a96595110c5c9260ea8e87f43b09421eb967442d988 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x10417 | 10276 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.