MALICIOUS
96
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The file is identified as malicious by ML classifiers and ClamAV, specifically as a phishing trojan. The embedded URL points to a suspicious domain, likely serving as a lure for the user to download further malicious content. The document body, though heavily obfuscated, contains references to 'The naked trader pdf', suggesting a pretext for the phishing attempt.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://pelibifir.ru/wix?keyword=the+naked+trader+pdf
- https://cdn-cms.f-static.net/uploads/4446168/normal_5fda7540ef95d.pdf
- http://dumovabitoda.22web.org/54108391280.pdf
- https://cdn-cms.f-static.net/uploads/4476270/normal_5fe8338dabe03.pdf
- http://daliadiago.com/chunkzz_songs_malayalamvfq0a.pdf
- http://dalilexusafa.22web.org/65264789060.pdf
- http://reactivaperu-2020.com/noxutilapitekilebumewifxlv3.pdf
- https://static.s123-cdn-static.com/uploads/4481993/normal_5ff4b9ec935a3.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://uploads.strikinglycdn.com/files/66934343-b37e-4e43-b86d-73cf4f0ffa7e/mekowuzivogiraxevunezipi.pdf
- https://uploads.strikinglycdn.com/files/33d9fee3-2bd2-4890-8f0f-322eed1921ec/7028301680.pdf
- http://sobofepexenux.epizy.com/dell_gx620_drivers_windows_xp.pdf
- http://dazulenaredon.rf.gd/my_application_form_at_unisa.pdf
- https://uploads.strikinglycdn.com/files/ba466965-f223-45ae-a233-960551297737/delonghi_magnifica_s_coffee_machine.pdf
- https://s3.amazonaws.com/zonivezada/76780353729.pdf
- http://xibubixina.epizy.com/oxford_collocation.pdf
- http://nawonuzegajosi.epizy.com/blizzard_slow_speed.pdf
- http://sovuberexizizir.epizy.com/bevirivuvuxinibizazod.pdf
- https://uploads.strikinglycdn.com/files/bd4a7e05-98c8-46ba-a0b0-cb31d5dcaee7/sims_3_macbook_pro_unknown_error_occurred.pdf
- https://s3.amazonaws.com/libowebujakux/dofofetuso.pdf
- https://uploads.strikinglycdn.com/files/d715ac24-29cf-42fe-bf99-108beed4e2b7/21911063236.pdf
- http://fujuresaw.epizy.com/fobudevorujuz.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000ec80.bin7f0d4d083850918443e97a24a33b2b914eddc083b2010deb36cda58668795d3e |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xEC80 | 4932 bytes |
font_01_sfnt_off0000fd3f.bincb2616c38fbcfb4d7dbeb90f1497ba5c43a395d99d570c5b0254e14b1537631c |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xFD3F | 10992 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.