Verdict: MALICIOUS (risk score 96)
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The PDF file was detected as malicious by ML classifiers and ClamAV, specifically identified as a phishing trojan. It contains an embedded URI pointing to 'jacksth.ru', which is likely a malicious domain used to host phishing content or deliver further malware. The document body, though heavily obfuscated, contains text related to 'Sports Illustrated swimsuit issue 2017', suggesting a lure to entice users to click the malicious link.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics (4)
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI (info, PDF_URI): PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted URLs (28):
- https://jacksth.ru/strik?utm_term=sports+illustrated+swimsuit+issue+2017
- https://cdn.sqhk.co/nuzitomizaj/jja0hb0/cut_the_rope_game_download_for_windows_8.pdf
- http://romeita.fun/lakadesomilevifejofk0ph2.pdf
- http://eushopvmn.site/delamusoliei4fs.pdf
- http://reduslimitaly-official.site/158750766211jbj9.pdf
- http://natlab.ru/61725716164j1ggj.pdf
- http://lnstagramverifiedbadgeshelpcenters.net/goriwozogezuguzijmj1gk.pdf
- http://levantemosaic.com/how_do_you_program_a_chamberlain_clicker_remote2y04f.pdf
- https://cdn.sqhk.co/nulegudup/HibaKk8/tengai_makyou_2.pdf
- https://cdn.sqhk.co/xonipavu/HbSichb/zamoxaleruli.pdf
- http://lianhua.life/valmiki_ramayana_slokas_in_tamilr0cfd.pdf
- http://extraevents.ru/jujulawizedevikepupunqq6nx.pdf
- http://thedouche.xyz/poulan_chainsaw_carburetor_rebuild4mkf2.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://uploads.strikinglycdn.com/files/30fc4cef-a10b-470c-a4e9-486531738fa2/50019603673.pdf
- https://uploads.strikinglycdn.com/files/1797645b-bc5d-4e0e-b445-ad735ca16960/41886683495.pdf
- https://uploads.strikinglycdn.com/files/392f9518-9160-4198-9bd4-f2891aaa1c6d/tinadakaguzazorugeve.pdf
- https://uploads.strikinglycdn.com/files/71c88aba-62b4-4868-aae5-cae70473eeb0/16206733794.pdf
- https://uploads.strikinglycdn.com/files/9ca9d2f8-9bcd-4558-b04f-267685537f50/821350676.pdf
- https://uploads.strikinglycdn.com/files/2306f93a-a34a-4b47-87d6-16d70deb9e83/que_significa_titulo_homologado.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
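The duplicate-object and external-URI heuristics above can be reproduced with a short scanner. The following is an added example, not the analyzer's own code: it walks the raw `N G obj ... endobj` spans of a PDF, reports every object id that is defined more than once with differing body bytes (showing what a first-wins and a last-wins reader would each resolve, and raising severity when either body carries an action or script key), and lists every `/URI` target with the object that carries it. The two-revision PDF it runs on is constructed for this example: the example.org link is invented, while the jacksth.ru URL is the one listed in this report. Cross-reference tables are omitted from the sample because the scan does not use them.

```python
import re
from collections import defaultdict

# Constructed two-revision PDF (not a real sample). The original revision defines
# link annotation "4 0" with a harmless target; the appended incremental update
# redefines "4 0" to point at the jacksth.ru URL from the report. Xref tables are
# left out because this scanner walks "N G obj ... endobj" spans directly.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj
<< /Type /Catalog /Pages 2 0 R >>
endobj
2 0 obj
<< /Type /Pages /Kids [3 0 R] /Count 1 >>
endobj
3 0 obj
<< /Type /Page /Parent 2 0 R /Annots [4 0 R] >>
endobj
4 0 obj
<< /Type /Annot /Subtype /Link /Rect [0 0 200 20]
   /A << /S /URI /URI (https://example.org/benign-link) >> >>
endobj
trailer
<< /Root 1 0 R /Size 5 >>
%%EOF
4 0 obj
<< /Type /Annot /Subtype /Link /Rect [0 0 200 20]
   /A << /S /URI /URI (https://jacksth.ru/strik?utm_term=sports+illustrated+swimsuit+issue+2017) >> >>
endobj
trailer
<< /Root 1 0 R /Size 5 /Prev 0 >>
%%EOF
"""

# Dictionary keys whose presence means the object can trigger an action or script.
ACTIVE_KEYS = (b"/URI", b"/JavaScript", b"/JS", b"/Launch", b"/OpenAction", b"/AA", b"/SubmitForm")

# "N G obj <body> endobj"; the lookbehind stops a trailing digit of "1.4" or "2 0 R" from
# being taken as the start of an object number.
OBJ_RE = re.compile(rb"(?<![0-9])(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.DOTALL)
# Literal-string /URI value, allowing backslash escapes but no unescaped parentheses.
URI_RE = re.compile(rb"/URI\s*\(((?:[^()\\]|\\.)*)\)")


def find_objects(data):
    """Return every indirect object definition in file order as (num, gen, body)."""
    return [(int(m.group(1)), int(m.group(2)), m.group(3).strip()) for m in OBJ_RE.finditer(data)]


def find_duplicate_bodies(data):
    """Report object ids defined more than once with differing body bytes.

    'first' is what a first-wins reader resolves; 'last' is what a last-wins reader
    (one that honours incremental updates) resolves. Severity is raised only when a
    duplicate body carries one of ACTIVE_KEYS, mirroring the heuristic's rule.
    """
    seen = defaultdict(list)
    for num, gen, body in find_objects(data):
        seen[(num, gen)].append(body)
    findings = []
    for (num, gen), bodies in seen.items():
        if len(bodies) < 2 or len(set(bodies)) < 2:
            continue  # single definition, or byte-identical redefinitions
        active = any(key in body for body in bodies for key in ACTIVE_KEYS)
        findings.append({
            "obj": f"{num} {gen}",
            "definitions": len(bodies),
            "first": bodies[0],
            "last": bodies[-1],
            "severity": "high" if active else "info",
        })
    return findings


def extract_uris(data):
    """Collect /URI action targets in file order as (object id, url) pairs."""
    found = []
    for num, gen, body in find_objects(data):
        for m in URI_RE.finditer(body):
            found.append((f"{num} {gen}", m.group(1).decode("latin-1")))
    return found


if __name__ == "__main__":
    for f in find_duplicate_bodies(SAMPLE_PDF):
        print(f"{f['obj']} obj defined {f['definitions']}x, severity {f['severity']}")
        print("  first-wins:", f["first"].decode("latin-1").replace("\n", " "))
        print("  last-wins: ", f["last"].decode("latin-1").replace("\n", " "))
    for obj, uri in extract_uris(SAMPLE_PDF):
        print(f"{obj} obj /URI -> {uri}")
```

Run the script as-is to see the two resolutions of object 4 0 side by side. The point of showing both is that a viewer applying incremental updates follows the jacksth.ru link while a linear first-wins scanner (or a detector that only looks at the first definition) sees the benign one, so triage tooling should report every definition of an object rather than whichever the parser happens to keep.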
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Hash | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off0000d683.bin | f1ca03be849cd4294551efc4e68c3fb163bb2388a461cfd1744bd0f1430a4007 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xD683 | 5708 bytes |
| font_01_sfnt_off0000e9f2.bin | 8eea13abf8ab16d50e0e2db1d36b313c08db1261d39d4adc605adc684f2a5386 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE9F2 | 10776 bytes |