MALICIOUS
96
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file contains an embedded URL that redirects to a malicious domain, likely intended to deliver a payload. The ML classifier and ClamAV detection strongly indicate malicious intent, classifying it as a phishing trojan. The document body, though heavily obfuscated, suggests a lure related to a dryer manual, aligning with a phishing attack pattern.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://golowaki.ru/wix?keyword=whirlpool+cabrio+dryer+manual+pdf
- https://cdn-cms.f-static.net/uploads/4368770/normal_5fd22408cd655.pdf
- https://cdn-cms.f-static.net/uploads/4485930/normal_5fdae7e0c3cfa.pdf
- https://cdn-cms.f-static.net/uploads/4487386/normal_600d9250d2fe7.pdf
- https://static.s123-cdn-static.com/uploads/4482405/normal_5fe08e0f957e8.pdf
- http://profer-opt.ru/84618290243srnr8.pdf
- http://qqkaxes.xyz/lisilogizamuxejozekerup9aeeb.pdf
- https://cdn-cms.f-static.net/uploads/4425010/normal_6009cd4407f07.pdf
- http://e-devletodeme.net/bulova_marine_star_98c119_manualyi6cw.pdf
- https://xazonulukobimov.weebly.com/uploads/1/3/2/7/132712199/pisojo_selotu.pdf
- https://static.s123-cdn-static.com/uploads/4404983/normal_5ffbbf0a6a409.pdf
- https://wilosobofixi.weebly.com/uploads/1/3/4/8/134858013/7069e13e6e7d94.pdf
- https://xikisujegowo.weebly.com/uploads/1/3/1/8/131856166/2275575.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://s3.amazonaws.com/fumiposamisur/free_annual_credit_report_number.pdf
- https://92923600-264c-4cb8-9d87-181083d4f0d6.filesusr.com/ugd/0bf43f_d134e9f33cb14bcfb6861196fafcbb52.pdf?index=true
- https://44407f20-7244-4107-9544-84d8151b6f9a.filesusr.com/ugd/8508de_ef0e9009016e4e02b6d39023a6e1eaeb.pdf?index=true
- https://s3.amazonaws.com/jotogorurekuro/74647273107.pdf
- https://s3.amazonaws.com/jewizopukuni/bad_boy_bubby_movie_480p.pdf
- https://4a0f17ac-6ce6-4c05-9546-25c48d39d9f7.filesusr.com/ugd/cd79e3_95860cfaef844140bc7dac256c22dbe1.pdf?index=true
- https://s3.amazonaws.com/dikomavomem/juwuwipo.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00010877.bin0656d55da087b7549f62e88a422eec03ae33f50c5cb5f8cb9c13d709098b78e3 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x10877 | 5472 bytes |
font_01_sfnt_off00011af6.bind4a25f4d553c6773a513b5dd6712806e99138ab5b9cda8a3713e452a89132a6b |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x11AF6 | 11544 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.