MALICIOUS
96
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF contains an embedded URI pointing to a suspicious domain, which is also listed among the extracted URLs. The document body, though heavily obfuscated, appears to reference a search query, suggesting a lure to a malicious website. ClamAV detection and ML classification strongly indicate malicious intent, likely related to phishing or malware delivery.
Machine Learning
- Nyx PDF Classifier malicious score 0.9986
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0001ff01.bin 58ec8939b3545cca4a686527b6562b85876d30f0edc4128c08670214be1d12ac | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1FF01 | 52172 bytes |
| font_01_sfnt_off00029be4.bin 3b93ffce4e2ba52c4d8d4963262ebf14b4fae6f56507010c73e1c798a904c17a | pdf-font-stream | PDF embedded font (sfnt) at offset 0x29BE4 | 5276 bytes |
| font_02_sfnt_off0002ad9d.bin 6e5c3db04891527866e6d34c12850f4d858dc23c25d7315e94a907799968e063 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x2AD9D | 13768 bytes |