MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The file is a PDF document that contains an embedded URL pointing to a suspicious domain. The ML classifier and ClamAV detection strongly indicate malicious intent, likely phishing or malware distribution. The document body, though heavily obfuscated, suggests a lure related to 'covid 19 and education' to entice users to click the malicious link.
Machine Learning
- Nyx PDF Classifier malicious score 0.9996
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
- URL https://kuzutuzo.ru/strik?utm_term=research+topics+on+covid+19+and+education (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000fb2e.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFB2E | 5404 bytes | a1999c957993fe3f1a80b0036011357fab2b8a6bda05666e5156d8aba58ddc2b |
| font_01_sfnt_off00010d95.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10D95 | 12112 bytes | 5595cb463b310790963ab57821aeabde22a5cd930c5cb22e3a011eed093546ec |