MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.002 Spearphishing Attachment
T1204.002 Malicious Link
The PDF file was flagged by ClamAV as Pdf.Phishing.Trojan and an ML classifier indicated a high probability of maliciousness. The embedded URL points to a suspicious domain, likely intended for phishing or malware distribution. The document body is heavily obfuscated, preventing analysis of its specific content, but the presence of the malicious URL is a strong indicator of malicious intent.
Machine Learning
- Nyx PDF Classifier malicious score 0.9555
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (severity: critical, rule: CLAMAV_DETECTION). ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (severity: info, rule: PDF_URI). PDF contains an external URL action.
- Object number defined twice with different bodies (severity: info, rule: PDF_DUPLICATE_OBJ_BODY_INCREMENTAL). The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (severity: info, rule: EMBEDDED_URL). One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://yubit.co.za/XSRYdR1H?utm_term=breville+800esxl+espresso+machine+repair+manual+pdf+download
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Hash | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off000337c5.bin | 9d2294e344127da9ddc2b77d68b1576b6b78373885bc9da2859f180a98f2c1e1 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x337C5 | 16792 bytes |
| font_01_sfnt_off00034fd7.bin | 3ae387a14cde1a8e3983621503a60658b41ac11931b1af16f2ac0070cd3a657b | pdf-font-stream | PDF embedded font (sfnt) at offset 0x34FD7 | 18276 bytes |
| font_02_sfnt_off00037f8c.bin | e389346323a7c12fe805ffb0f7ff11c8eea19507cfa308604771d493a1a00b4a | pdf-font-stream | PDF embedded font (sfnt) at offset 0x37F8C | 11524 bytes |