MALICIOUS
Risk Score: 104
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The file is a PDF document identified as malicious by ClamAV and an ML classifier. It contains an embedded URL that is likely part of a phishing or malware distribution scheme, disguised as a budget template. The heuristic 'SE_INVOICE_LURE' further suggests a deceptive intent, aiming to trick the user into interacting with the malicious link.
Machine Learning
- Nyx PDF Classifier malicious score 0.9996
Heuristics 5
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 [critical] CLAMAV_DETECTION: ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- Fake invoice / payment lure [low] SE_INVOICE_LURE: Document contains invoice or payment language paired with an action verb — useful context when combined with link, macro, or attachment indicators
- External URI [info] PDF_URI: PDF contains an external URL action
- Object number defined twice with different bodies [info] PDF_DUPLICATE_OBJ_BODY_INCREMENTAL: The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL [info] EMBEDDED_URL: One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://pelibifir.ru/award?keyword=free+printable+personal+budget+template+pdf
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000f75f.bin 9a0ac4d8e5fe22aa8485724adc4e5dff626cc2f2a6aea4c3c2ab1b7d0a4c4ed8 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF75F | 5456 bytes |
| font_01_sfnt_off000109cf.bin 605aeebd7a2277c5ad17b8251ff3eeeffea16f95872bcc46cc1375e5538ad3cd | pdf-font-stream | PDF embedded font (sfnt) at offset 0x109CF | 10648 bytes |