MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file contains an embedded URL that directs users to a suspicious domain, likely for phishing or malware distribution. ClamAV and ML classifiers strongly indicate malicious intent. The document body, though heavily obfuscated, appears to be a lure related to a fabric steamer, aiming to trick users into visiting the malicious link.
Machine Learning
- Nyx PDF Classifier malicious score 0.9993
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
- URL https://resalured.ru/strik?utm_term=how+to+use+a+conair+compact+fabric+steamer (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000fa33.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFA33 | 5320 bytes | 546b62a0fbdb0dc9b4631471026261c6bf555177e0f2b847dc7236686681c8d3 |
| font_01_sfnt_off00010c41.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10C41 | 10792 bytes | e2720e0a4ac5c10996295cb1e0a93fa4c5115aea7585259d3f2cff5418c2e59d |