Verdict: MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF contains an external URI pointing to a URL that is likely a phishing lure, disguised as a free download. ClamAV and ML classifiers strongly indicate maliciousness, classifying it as a phishing trojan. The presence of embedded URLs and the overall structure suggest it is designed to trick users into downloading further malicious content.
Machine Learning
- Nyx PDF Classifier malicious score 0.9991
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI (info, PDF_URI): PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://jumiwimov.ru/aws?utm_term=highway+capacity+manual+2016+pdf+free+download
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000fd57.bin ae37c795d8825c5a27c0fd087d8235c794111738ad21e6a91bfb3797857e5ae0 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFD57 | 6028 bytes |
| font_01_sfnt_off000111da.bin 67c6127543b00f664ae0de5e6925b7fb21ef46c59f5b494fc4a21fce607aba94 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x111DA | 11484 bytes |