MALICIOUS
96
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The file is a PDF document that contains an embedded URL pointing to a suspicious domain. The ClamAV detection and ML classifier strongly indicate maliciousness. The document body, though heavily obfuscated, suggests a lure related to a 'Honda civic service manual pdf', which is likely a pretext to drive the user to the malicious URL for phishing or malware delivery.
Machine Learning
- Nyx PDF Classifier malicious score 0.9975
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://kuzutuzo.ru/strik?utm_term=honda+civic+service+manual+pdf
- https://cdn-cms.f-static.net/uploads/4504641/normal_602ab4184208e.pdf
- https://sixojatem.weebly.com/uploads/1/3/4/6/134650300/54690.pdf
- https://lupipoga.weebly.com/uploads/1/3/4/4/134402738/banupigoj.pdf
- https://static.s123-cdn-static.com/uploads/4369651/normal_5ffbc44d874cf.pdf
- https://vatifogogunubit.weebly.com/uploads/1/3/4/7/134725392/2676008.pdf
- https://novizatedorik.weebly.com/uploads/1/3/6/0/136095988/7542651.pdf
- https://vunozeguwogiwe.weebly.com/uploads/1/3/4/7/134745761/nuraxinejupa_wipamukaben.pdf
- https://cdn-cms.f-static.net/uploads/4466673/normal_6016480f771b7.pdf
- https://cdn-cms.f-static.net/uploads/4423171/normal_602e54a164f4a.pdf
- https://munerojepoges.weebly.com/uploads/1/3/4/0/134042508/82395.pdf
- https://wemupubipu.weebly.com/uploads/1/3/5/3/135331653/debaf_fojumasun_kafimabeki.pdf
- https://cdn-cms.f-static.net/uploads/4471682/normal_601b052b1dcfe.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://7ae774ad-b64d-4473-a0b1-aa0db1e39e83.filesusr.com/ugd/3e7897_ed59aff75e8e44ca9721034700a9b49c.pdf?index=true
- https://uploads.strikinglycdn.com/files/6b622cd2-15a4-4bcb-a64c-6bbff7456f65/vozijir.pdf
- https://36071b1a-d853-4ad1-bccf-0ed894d94038.filesusr.com/ugd/906e9f_16236805d9d14ae3a5589907b65812ce.pdf?index=true
- https://uploads.strikinglycdn.com/files/9039ee79-9759-4d97-bca8-3556d6a10d21/jupuwibozep.pdf
- https://uploads.strikinglycdn.com/files/7e07b77c-2c44-46e1-90d0-03a21c5c5b82/84638212418.pdf
- https://uploads.strikinglycdn.com/files/867a45fe-80ac-4b78-acee-d74cc533b8a6/rudavedusa.pdf
- https://uploads.strikinglycdn.com/files/36d8ac36-19ef-4c44-b73f-027fcf7e46c1/2012_highlander_oil_capacity.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00049132.bindf6af59a15130be91249b84d0911ab76a44059568b68c5991e9ddb5bdfa91f69 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x49132 | 5324 bytes |
font_01_sfnt_off0004a33a.bin67ef600c4f85b5e106ab69eed5e69c1215e6e4c5bec721b0409317bba1b6afd3 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x4A33A | 13044 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.