MALICIOUS
96
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The file is identified as malicious by ML classifiers and ClamAV, and contains an embedded URI pointing to a suspicious domain. The document body, though heavily obfuscated, suggests a lure related to GMAT math questions, indicating a phishing or social engineering attempt. The presence of an external URI suggests the document is designed to redirect the user to a malicious site for further exploitation.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://baarspo.ru/strik?utm_term=sample+gmat+math+questions+and+answers+pdf
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0001071b.bin 3a8b41ef1d00e7e4f278d291c134f9ef11e670854789bc0a6f7242fedcae5494 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1071B | 5776 bytes |
| font_01_sfnt_off00011aa1.bin 319421e470cf178cc714c2f52da2f088ca5ee3eb672efef40458b65faa380552 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x11AA1 | 11592 bytes |