MALICIOUS
136
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1204.002 User Execution: Malicious Link
T1059.007 JavaScript
The file is a PDF document flagged by ML classifiers and ClamAV as malicious. It contains an embedded URL that is part of a lure related to 'electoral college activity', consistent with an advance-fee scam. The PDF structure and embedded content suggest it is designed to trick the user into visiting the malicious URL.
Machine Learning
- Nyx PDF Classifier malicious score 0.9996
Heuristics 5
-
ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
-
Advance-fee lottery/parcel scam lure high SE_ADVANCE_FEE_SCAM_LUREDocument contains lottery/beneficiary or prize language together with large-value draft/funds wording and parcel/courier delivery requirements. This is a classic advance-fee fraud document shape.
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://lozipotod.ru/wix?keyword=electoral+college+activity
- https://cdn.sqhk.co/xaselavub/bWQjhRA/lenujasisemukikisijileda.pdf
- http://idealicaitalia.website/295317927222leps.pdf
- https://cdn.sqhk.co/gozigawefo/ihgcrjf/29072524714.pdf
- http://idealicaitalia.website/how_to_draw_the_male_figure_anatomyn7bco.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- http://robajev.rf.gd/the_art_of_correct_living_meaning.pdf
- http://kuleborujakojij.rf.gd/tiduvodonanolotunuginem.pdf
- http://sajobovu.epizy.com/34549688303.pdf
- http://pimorem.epizy.com/button._h_arduino_library.pdf
- https://uploads.strikinglycdn.com/files/33f3bd26-3ff3-4dad-8dc5-772af3339d39/sexual_orientation_straight_meaning_in_urdu.pdf
- https://uploads.strikinglycdn.com/files/c6a22d6f-1d2b-4b71-a562-42b953c54774/windows_server_2012_google_chrome_download.pdf
- http://xuvufajozurez.rf.gd/63888014431.pdf
- https://uploads.strikinglycdn.com/files/773a8a67-1c30-4959-821b-8f49c3aea5e4/39024751844.pdf
- http://fitilusulisi.epizy.com/fevufob.pdf
- http://gonowaxavox.epizy.com/adobe_for_mac_pro.pdf
- http://tuguwobafadurot.rf.gd/sukefiwokevevogimase.pdf
- http://zarenubopopo.epizy.com/tulika_mondal_baul_song_video.pdf
- https://uploads.strikinglycdn.com/files/0664d221-31b5-48af-ba70-fce4cb3e997f/how_much_does_it_cost_to_have_a_dna_test_for_a_dog.pdf
- http://govatojajij.epizy.com/99330235044.pdf
- http://tavokitewigi.rf.gd/mogifawajaxip.pdf
- http://xinudekewukipi.rf.gd/garmin_vivofit_4_fitness_tracker_best_buy.pdf
- http://tadoloko.epizy.com/tirefuzesubof.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000107fa.bind290d0c4ab0a81b54d85a23fdcf8203f1d2f450bea8ca097fabb74e139c28ffc |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x107FA | 4908 bytes |
font_01_sfnt_off000118ce.bin7da4a16b71dc1db550532b2bff06acee9b6078ebedc8335355528adbd1433eb9 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x118CE | 11040 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.