Verdict: MALICIOUS (risk score 96)
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The PDF was flagged as malicious both by the Nyx ML classifier (score 0.9991) and by ClamAV (Pdf.Phishing.Trojan signature). The one URL a reader can reach by clicking is the link annotation pointing to https://dugedepap.ru/wix?keyword=what+is+transduction+in+the+eye, whose search-keyword query string is the shape of a redirector lure; the document text additionally carries a large number of .pdf URLs on file-hosting and throwaway domains (for example the otherwise unknown http://liketime.online/nemivebowukiwuse7gpmb.pdf), which together indicate a document built to steer readers to further lures rather than to deliver content. The body is heavily obfuscated, but metadata still names 'wkhtmltopdf', i.e. the file was rendered from HTML by a generator rather than authored in a PDF editor, which fits a mass-produced lure. Note that none of the listed heuristics reports JavaScript, so the T1059.007 mapping above is not evidenced by the findings on this page; the ClamAV hit, the external link annotation and the duplicate-object finding are.
Machine Learning
- Nyx PDF Classifier malicious score 0.9991
Heuristics (4)
- ClamAV detection [critical, CLAMAV_DETECTION]: ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI [info, PDF_URI]: PDF contains an external URL action.
- Object number defined twice with different bodies [info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL]: The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL [info, EMBEDDED_URL]: One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL channel label (macro, JS, link annotation, document body, ...) for how each URL is reached.
  - https://dugedepap.ru/wix?keyword=what+is+transduction+in+the+eye (PDF link annotation)
  - http://liketime.online/nemivebowukiwuse7gpmb.pdf (in PDF document text)
  - https://static.s123-cdn-static.com/uploads/4405197/normal_6002ae7053e2e.pdf (in PDF document text)
  - https://cdn-cms.f-static.net/uploads/4464523/normal_6017426fcc8c6.pdf (in PDF document text)
  - https://cdn-cms.f-static.net/uploads/4492272/normal_5fd2dbfbf260a.pdf (in PDF document text)
  - https://cdn-cms.f-static.net/uploads/4488139/normal_6052bd8e6dcea.pdf (in PDF document text)
  - http://insurancesouk.com/13339560984okteb.pdf (in PDF document text)
  - http://grampus-shop.com/pikigbpgae.pdf (in PDF document text)
  - http://bandalet.club/music_notes_treble_clef_worksheetweqlk.pdf (in PDF document text)
  - https://static.s123-cdn-static.com/uploads/4413848/normal_5fe44653b90db.pdf (in PDF document text)
  - https://static.s123-cdn-static.com/uploads/4367301/normal_5ff9aa523592c.pdf (in PDF document text)
  - http://digitaltoolsfor.xyz/relion_blood_pressure_cuff_accuracyywla6.pdf (in PDF document text)
  - http://www.ascendercorp.com/ (in PDF document text)
  - http://www.ascendercorp.com/typedesigners.html (in PDF document text)
  - http://www.daltonmaag.com/ (in PDF document text)
  - https://s3.amazonaws.com/pokixovuxik/gta_3_hidden_packages_guide.pdf (in PDF document text)
  - https://s3.amazonaws.com/vavapekadoliti/tesla_model_3_2021_price_drop_uk.pdf (in PDF document text)
  - https://s3.amazonaws.com/jevopemosod/how_to_factory_reset_my_motorola_android_phone.pdf (in PDF document text)
  - https://8f6f9f04-f977-4239-955d-f6aecf2dd879.filesusr.com/ugd/81cd61_eee1b6af626645bab770425e190a8439.pdf?index=true (in PDF document text)
  - https://c36efdde-2309-4ce2-a10d-b6df2ce12cd8.filesusr.com/ugd/e98059_d7507d33d6d94851ab2b850b8472aa6e.pdf?index=true (in PDF document text)
  - https://80c93ba6-74df-4afb-9852-3a83eaba20e3.filesusr.com/ugd/4cf28d_5029e8d46cc7418ba160487fb49dac5a.pdf?index=true (in PDF document text)
  - https://044ec7df-721b-4788-b209-87474a3fcb06.filesusr.com/ugd/60ffa2_c700f790a4e84ef1a8102a49296abae9.pdf?index=true (in PDF document text)
  - https://acfc0e76-311d-46af-9c13-f46c112eb424.filesusr.com/ugd/f90bad_94e4d23b82654cb5bb76dc0893d93fa2.pdf?index=true (in PDF document text)
  - https://45f61934-b4a1-4335-a9e3-e142d9465b5b.filesusr.com/ugd/0dd040_3e645cb203a24bd1bdf504bec013fd60.pdf?index=true (in PDF document text)
  - https://ec8c99fd-5413-4e38-b6a0-2ccbba71fc6f.filesusr.com/ugd/de02f3_ade14e73c90e4a3a8bf6b4912504526b.pdf?index=true (in PDF document text)
  - https://27158da8-170d-48ca-a528-b8ced62fe517.filesusr.com/ugd/9fc8c3_9854d0a147fc430a9b38d0fbae905851.pdf?index=true (in PDF document text)
  - https://s3.amazonaws.com/mefovu/97061075285.pdf (in PDF document text)
  - http://www.w3.org/1999/02/22-rdf-syntax-ns# (in PDF document text)
  - http://purl.org/dc/elements/1.1/ (in PDF document text)
  - http://ns.adobe.com/pdf/1.3/ (in PDF document text)
  - http://ns.adobe.com/xap/1.0/ (in PDF document text)
  - http://ns.adobe.com/xap/1.0/mm/ (in PDF document text)
  - http://ns.adobe.com/xap/1.0/rights/ (in PDF document text)
  - http://scripts.sil.org/OFL (in PDF document text)
  Triage note: the w3.org, purl.org and ns.adobe.com entries are XMP/RDF namespace URIs, http://scripts.sil.org/OFL is the SIL Open Font License URL, and ascendercorp.com and daltonmaag.com are type-foundry sites; all of these are metadata strings that normally come with XMP packets and embedded fonts, not navigation targets. The .pdf links on s3.amazonaws.com, filesusr.com, f-static.net, s123-cdn-static.com and the one-off domains are the part of the list worth pivoting on, and only the dugedepap.ru link annotation is an action the reader can actually trigger.
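The three findings above (external /URI action, an indirect object redefined with different bytes by an incremental update, and per-URL channel labels) can be reproduced with a small object-level scan. The following is an added example written for this page, not the analyzer's own code: it works on a PDF constructed inline whose link action object is redefined in an incremental update, so a first-wins reader and a last-wins reader resolve different targets; all hostnames in it are placeholders, not the report's indicators, and it assumes uncompressed content streams (inflate FlateDecode streams first on a real file).

```python
import re
from collections import defaultdict

# Constructed sample (not the analysed file): one page with a Link annotation
# whose action object 5 is redefined by an incremental update. A first-wins
# reader sees the original /URI, a last-wins reader (most viewers) the update.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Annots [4 0 R] /Contents 6 0 R >> endobj
4 0 obj << /Type /Annot /Subtype /Link /Rect [72 700 300 720] /A 5 0 R >> endobj
5 0 obj << /S /URI /URI (https://example.org/benign) >> endobj
6 0 obj << /Length 57 >>
stream
BT /F1 12 Tf 72 650 Td (http://example.net/doc.pdf) Tj ET
endstream
endobj
trailer << /Root 1 0 R >>
%%EOF
5 0 obj << /S /URI /URI (http://lure.example/go?keyword=x) >> endobj
trailer << /Root 1 0 R /Prev 0 >>
%%EOF
"""

OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.S)
URI_RE = re.compile(rb"/URI\s*\(([^)]*)\)")
TEXT_URL_RE = re.compile(rb"https?://[^\s()<>\[\]]+")
# Keys that make a redefined object "active" rather than a cosmetic edit.
ACTIVE_KEYS = (b"/URI", b"/JavaScript", b"/JS", b"/Launch", b"/OpenAction", b"/AA", b"/SubmitForm")
LINK_CHANNEL = "link annotation (/URI action)"
TEXT_CHANNEL = "document text"


def parse_objects(data):
    """Map (num, gen) -> list of body bytes in file order, so every
    redefinition from an incremental update is retained, not collapsed."""
    objs = defaultdict(list)
    for m in OBJ_RE.finditer(data):
        objs[(int(m.group(1)), int(m.group(2)))].append(m.group(3).strip())
    return objs


def duplicate_objects(objs):
    """PDF_DUPLICATE_OBJ_BODY_INCREMENTAL: same (N G) defined more than once
    with different bytes. Reports what first-wins and last-wins readers each
    resolve, and raises severity only when the winning body is active."""
    findings = []
    for key, bodies in objs.items():
        if len(set(bodies)) < 2:
            continue
        active = any(k in bodies[-1] for k in ACTIVE_KEYS)
        findings.append({"object": key, "first_wins": bodies[0], "last_wins": bodies[-1],
                         "active": active, "severity": "high" if active else "info"})
    return findings


def url_channels(data, objs):
    """EMBEDDED_URL / PDF_URI: map each URL to the channel that reaches it.
    A /URI action is what a click on a link annotation actually opens; a URL
    that merely appears in content or metadata is recorded as text."""
    channels = defaultdict(set)
    for bodies in objs.values():
        for body in bodies:
            for m in URI_RE.finditer(body):
                channels[m.group(1).decode("latin-1")].add(LINK_CHANNEL)
    for m in TEXT_URL_RE.finditer(data):
        url = m.group(0).decode("latin-1")
        if LINK_CHANNEL not in channels[url]:
            channels[url].add(TEXT_CHANNEL)
    return dict(channels)


def triage(data):
    objs = parse_objects(data)
    return {"duplicates": duplicate_objects(objs), "urls": url_channels(data, objs)}


if __name__ == "__main__":
    report = triage(SAMPLE_PDF)
    for d in report["duplicates"]:
        print(f"object {d['object']} redefined [{d['severity']}]")
        print("  first-wins:", d["first_wins"].decode("latin-1"))
        print("  last-wins: ", d["last_wins"].decode("latin-1"))
    for url, chans in report["urls"].items():
        print(f"{url}  <- {', '.join(sorted(chans))}")
```

Keeping every definition of an object in file order is the point: a single-pass parser that overwrites on each `N G obj` silently adopts the last-wins view and never notices that the original body pointed somewhere else.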
Extracted artifacts (3)
Files carved from inside the sample during analysis.

| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000eda1.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xEDA1 | 4992 bytes | 72abc78cf2153455d1b135179686cddcdf9a7cc81a530045fb94dbb4cf7fb2cd |
| font_01_sfnt_off0000fe92.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFE92 | 10860 bytes | 716334df059684fc50186acf45bc2c03bb1e7e318c1b726895fe7c0f47a2a8d4 |
| font_02_sfnt_off000123b5.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x123B5 | 4324 bytes | 1062cd8ddf90f4344fa193b395386d5669df1a952e5759311ca261a71931f361 |
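The carved artifacts above are sfnt font programs pulled out of the PDF's font streams and hashed so they can be matched as indicators on their own. The following is an added example, not the analyzer's carving code, showing how such a carve is done and one sanity check worth running on each font: decode every stream, keep those that start with an sfnt magic, hash them, and walk the table directory to flag entries that point outside the blob, which is the classic malformed-font shape that crashes sfnt parsers. The font and the PDF it is wrapped in are constructed inline (a valid header and table directory with placeholder tables and zero checksums, no glyphs); `/Length1` and the object numbers are illustrative.

```python
import hashlib
import re
import struct
import zlib

SFNT_MAGICS = {b"\x00\x01\x00\x00": "TrueType", b"true": "TrueType (Apple)", b"OTTO": "OpenType/CFF"}
OBJ_RE = re.compile(rb"\d+\s+\d+\s+obj\b(.*?)\bendobj", re.S)
STREAM_START_RE = re.compile(rb"^(.*?)stream\r?\n", re.S)
# Direct /Length only; "/Length 12 0 R" is an indirect reference and is ignored.
LENGTH_RE = re.compile(rb"/Length\s+(\d+)\b(?!\s+\d+\s+R)")


def build_fake_sfnt(tables):
    """Constructed test font: a well-formed sfnt header and table directory
    around placeholder table bodies, zero checksums, no glyph data."""
    num = len(tables)
    p = 1                                   # largest power of two <= num
    while p * 2 <= num:
        p *= 2
    header = struct.pack(">4sHHHH", b"\x00\x01\x00\x00", num,
                         p * 16, p.bit_length() - 1, num * 16 - p * 16)
    directory, body = b"", b""
    data_start = 12 + 16 * num
    for tag, data in tables:
        directory += struct.pack(">4sIII", tag, 0, data_start + len(body), len(data))
        body += data + b"\0" * (-len(data) % 4)   # tables are 4-byte aligned
    return header + directory + body


def build_sample_pdf(font):
    """Constructed PDF fragment wrapping the font in a FlateDecode stream."""
    packed = zlib.compress(font)
    return (b"%PDF-1.4\n1 0 obj << /Type /Catalog >> endobj\n"
            + b"7 0 obj << /Length %d /Length1 %d /Filter /FlateDecode >>\nstream\n" % (len(packed), len(font))
            + packed + b"\nendstream\nendobj\ntrailer << /Root 1 0 R >>\n%%EOF\n")


def parse_sfnt_directory(font):
    """Walk the table directory and check every table lies inside the blob.
    Entries pointing past the end are flagged rather than silently accepted."""
    if len(font) < 12:
        return {"tables": [], "out_of_bounds": True}
    num_tables = struct.unpack(">H", font[4:6])[0]
    tables, oob = [], False
    for i in range(num_tables):
        entry = font[12 + 16 * i:28 + 16 * i]
        if len(entry) < 16:                 # the directory itself is truncated
            oob = True
            break
        tag, _checksum, offset, length = struct.unpack(">4sIII", entry)
        tables.append(tag.decode("latin-1"))
        if offset + length > len(font):
            oob = True
    return {"tables": tables, "out_of_bounds": oob}


def carve_fonts(pdf):
    """Decode every stream, keep those starting with an sfnt magic, and
    record file offset, size and SHA-256 as in the artifacts table."""
    found = []
    for om in OBJ_RE.finditer(pdf):
        body = om.group(1)
        sm = STREAM_START_RE.search(body)
        end = body.rfind(b"endstream")
        if not sm or end < 0:
            continue
        stream_dict, raw = sm.group(1), body[sm.end():end]
        m_len = LENGTH_RE.search(stream_dict)
        if m_len and int(m_len.group(1)) <= len(raw):
            raw = raw[:int(m_len.group(1))]     # a sane direct /Length beats EOL guessing
        elif raw.endswith(b"\r\n"):
            raw = raw[:-2]
        elif raw.endswith(b"\n"):
            raw = raw[:-1]
        data = raw
        if b"/FlateDecode" in stream_dict:
            try:
                data = zlib.decompress(raw)
            except zlib.error:
                continue                        # corrupt stream: skip, do not guess
        flavor = SFNT_MAGICS.get(data[:4])
        if flavor is None:
            continue
        found.append({"offset": om.start(1) + sm.end(), "flavor": flavor,
                      "size": len(data), "sha256": hashlib.sha256(data).hexdigest(),
                      **parse_sfnt_directory(data)})
    return found


if __name__ == "__main__":
    sample_font = build_fake_sfnt([(b"head", b"\0" * 54), (b"name", b"dummy"), (b"cmap", b"x" * 6)])
    for hit in carve_fonts(build_sample_pdf(sample_font)):
        print(f"{hit['flavor']} at 0x{hit['offset']:X}, {hit['size']} bytes, "
              f"tables={hit['tables']}, out_of_bounds={hit['out_of_bounds']}, sha256={hit['sha256']}")
```

The hash is taken over the decoded font, not the compressed stream, so it matches what a font parser would consume and what the artifacts table records; the `out_of_bounds` flag is the first thing to look at before handing a carved font to any renderer.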