MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The PDF file contains an embedded URL that mimics a search result for a common appliance error code, likely intended to trick the user into clicking it. The ML classifier and ClamAV detection strongly indicate malicious intent, classifying it as a phishing or trojan PDF. No scripts were extracted, but the presence of an external URI and the high confidence scores suggest a phishing or credential harvesting attempt.
Machine Learning
- Nyx PDF Classifier malicious score 0.9997
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://vilenefex.ru/123?utm_term=whirlpool+duet+washer+error+code+fl
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000e0c7.bin 81d10e7f8fd47ce763de6f31dc92d17d5cdeb2c5b074a1c6f1c61f190223f197 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE0C7 | 5348 bytes |
| font_01_sfnt_off0000f308.bin 330ae4e7ce59a5208e481ec6905d2319ed48d1b5b6e9853e26a25c8e81fe0746 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF308 | 10264 bytes |