MALICIOUS
96
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1203 Exploitation for Client Execution
This PDF file was flagged as malicious by both ML classification and ClamAV, indicating a high likelihood of malicious intent. The presence of embedded URLs suggests a phishing or credential harvesting attempt, or a lure to download further malicious content. The file's structure and content, despite being obfuscated, align with typical malicious PDF delivery mechanisms.
Machine Learning
- Nyx PDF Classifier malicious score 0.9937
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://feedproxy.google.com/~r/sq/ugae/~3/5VO7y1TeAqQ/square?utm_term=list+of+english+words+containing+q+not+followed+by+u
- https://static1.squarespace.com/static/60bf6c89a2b0b938881bcf91/t/60e931f8b68d8f0f4bf8d155/1625895416567/ranusakinaririlogemojup.pdf
- https://static1.squarespace.com/static/60aac59fb7e9621e2f466549/t/60e892346a4b4a6f2e73a2bc/1625854516265/anatomical_name_for_calf_muscle.pdf
- https://static1.squarespace.com/static/60aac5994c6b1805bc4acbdb/t/60e926352f3c4128e18a7552/1625892405220/checkra1n_icloud_bypass_download.pdf
- https://static1.squarespace.com/static/60bf6c89a2b0b938881bcf91/t/60e8eeeb0cbdad4d3503b73d/1625878252090/passive_transport_in_a_sentence.pdf
- https://static1.squarespace.com/static/60bf6cad3a95e91b59aa2418/t/60ec7c705f604029b990c44d/1626111088808/87272467751.pdf
- https://static1.squarespace.com/static/60bf6bff0d8d387fecc8b153/t/60e94f192dabf2723555ca4f/1625902873920/xujarubajasopunetil.pdf
- https://static1.squarespace.com/static/60aac5994c6b1805bc4acbdb/t/60e8e56b2f3c4128e1871cab/1625875819188/xazogiz.pdf
- https://static1.squarespace.com/static/60aac59fb7e9621e2f466549/t/60e7eb69adf2c26882014ab9/1625811818042/what_does_rtx_stand_for.pdf
- https://static1.squarespace.com/static/60bf69b23f3791685666e32d/t/60e79e914aaab0286a876e34/1625792146034/confidence_building_activities_for_students.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://dejavu.sourceforge.net
- http://dejavu.sourceforge.net/wiki/index.php/License
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000c90d.bin6d9b0865cfe3203abad8651b69b64e7d34c8d9bdc9103a8f68ccd1c64d68ee72 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xC90D | 11300 bytes |
font_01_sfnt_off0000e31e.binbfb8d2bd8bea2928918b11c71e0194bbb2df33b6a5857890f17f6cc5e7c51e0c |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xE31E | 15892 bytes |
font_02_sfnt_off00010bfa.bin9d2294e344127da9ddc2b77d68b1576b6b78373885bc9da2859f180a98f2c1e1 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x10BFA | 16792 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.