MALICIOUS
Risk Score: 74
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The file is identified as malicious by ClamAV with a 'Pdf.Phishing.Trojan' signature. The presence of an external URI pointing to 'maypoin.ru' and the heuristic 'SE_URGENCY_LURE' suggest a phishing attempt. Although no scripts were explicitly extracted, the PDF format can embed JavaScript, which is often used to redirect users to malicious sites or exploit vulnerabilities.
Machine Learning
- Nyx PDF Classifier clean score 0.1176
Heuristics 5
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 [critical] CLAMAV_DETECTION: ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- Urgency / deadline lure [low] SE_URGENCY_LURE: Document contains urgency or deadline language ('account will be terminated', 'action required within 24 hours', etc.); useful context, but low-signal without other findings
- External URI [info] PDF_URI: PDF contains an external URL action
- Object number defined twice with different bodies [info] PDF_DUPLICATE_OBJ_BODY_INCREMENTAL: The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL [info] EMBEDDED_URL: One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URLs:
- https://maypoin.ru/award?keyword=bucket+elevator+catalogue+pdf (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off00155674.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x155674 | 5320 bytes | 426c20b44116e6a014057be9746b98aab611ff796177fd68f9ddd6e51a4b2ef6 |
| font_01_sfnt_off001568b5.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1568B5 | 11548 bytes | 0ea2fcb32b6e9c91f341860b9f1568d69cd7fb4679085635eff6cdfbe9e9867a |