MALICIOUS
96
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9987
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://leonvi.ru/wix?keyword=genki+workbook+1+answers PDF link annotation
- http://jotepuxigavof.iblogger.org/wofitufa.pdfIn PDF document text
- https://static.s123-cdn-static.com/uploads/4450506/normal_5fc77314bef7c.pdfIn PDF document text
- https://cdn.sqhk.co/tatidukigag/ojaXgjO/pixerukomipubobul.pdfIn PDF document text
- https://static.s123-cdn-static.com/uploads/4386084/normal_5fc620e02525d.pdfIn PDF document text
- https://cdn.sqhk.co/xutazazo/glsArf7/download_windows_10_file_manager_apk.pdfIn PDF document text
- https://cdn.sqhk.co/beledufe/hjcvuTr/word_family_room_decor.pdfIn PDF document text
- https://static.s123-cdn-static.com/uploads/4424645/normal_5ff31950796ac.pdfIn PDF document text
- https://cdn.sqhk.co/vekuperik/ibeheha/nanasaparotupaginizobibed.pdfIn PDF document text
- https://cdn.sqhk.co/wirubetena/eijghif/cut_and_repair_rope_trick.pdfIn PDF document text
- http://momezalomakejo.22web.org/63169181997.pdfIn PDF document text
- http://fontawesome.iohttp://fontawesome.io/license/In PDF document text
- http://www.ascendercorp.com/In PDF document text
- http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
- https://s3.amazonaws.com/tejuvonixag/sukugokodef.pdfIn PDF document text
- http://pomezup.epizy.com/32873716912.pdfIn PDF document text
- https://s3.amazonaws.com/tesasubawalozan/32468367160.pdfIn PDF document text
- http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
- http://purl.org/dc/elements/1.1/In PDF document text
- http://ns.adobe.com/pdf/1.3/In PDF document text
- http://ns.adobe.com/xap/1.0/In PDF document text
- http://ns.adobe.com/xap/1.0/mm/In PDF document text
- http://ns.adobe.com/xap/1.0/rights/In PDF document text
- http://scripts.sil.org/OFLIn PDF document text
Extracted artifacts 4
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000fcd4.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xFCD4 | 2984 bytes |
SHA-256: dab582e19a79dfbc1e99bd06a85c3fd08aa1a82f53b15f9dab353261877155b9 |
|||
font_01_sfnt_off0001090d.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x1090D | 94992 bytes |
SHA-256: 2276d0e33db4e2b437deb29fc57cbf307a1a8369beb46d64794a42ee515928e9 |
|||
font_02_sfnt_off00022380.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x22380 | 5024 bytes |
SHA-256: 68f000d91289d3d5c839ae1958b368995569ea2941c4f50166c56fde12e111a5 |
|||
font_03_sfnt_off000234c3.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x234C3 | 10436 bytes |
SHA-256: df2e8271b91e38a1883fc3ffd0c5b2084ade63553061ae87bf55e296fdcc296c |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.