Malware Insights
The PDF file was flagged by a machine learning classifier and ClamAV as malicious, specifically indicating a phishing or trojan threat. It contains an embedded URI pointing to 'dugedepap.ru', which is likely part of a phishing or malware distribution scheme. The document body, though heavily obfuscated, suggests a lure related to a 'practical guide to dragon riding pdf'. No scripts were extracted, but the presence of external URIs and the malware detection strongly suggest an attempt to deliver a secondary payload or phish for credentials.
Machine Learning
- Nyx PDF Classifier malicious score 0.9996
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (severity: critical, rule: CLAMAV_DETECTION). ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI (severity: info, rule: PDF_URI). PDF contains an external URL action.
- Object number defined twice with different bodies (severity: info, rule: PDF_DUPLICATE_OBJ_BODY_INCREMENTAL). The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (severity: info, rule: EMBEDDED_URL). One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://dugedepap.ru/wix?keyword=a+practical+guide+to+dragon+riding+pdf
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000da43.bin a38961928ecc7dfb33e9c53983faecc91ac84da6384d273259468a5d95fac730 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xDA43 | 5136 bytes |
| font_01_sfnt_off0000ebcb.bin ee3b551ee67577fb90aa290042028ed321dc7c4e030d6fd6af490ad3be564998 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xEBCB | 10968 bytes |