MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.6166
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI (info, PDF_URI): PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL:
- https://jumiwimov.ru/123?utm_term=188bet+mobile+app+android (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off000b1df8.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xB1DF8 | 5220 bytes | 3417d7e53103f9f8a77eb9ef8c1ebc5cf9953cadbd9aebd4736f0a736d56d394 |
| font_01_sfnt_off000b2f9d.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xB2F9D | 14308 bytes | 4afb29c90afbe8559e2c11b0ecf2083c40eb0e606c4dd57d9fab75cae6c05e0b |