MALICIOUS
96
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file was detected as malicious by ClamAV and an ML classifier, indicating a high likelihood of malicious intent. It contains an embedded URL pointing to a domain that is not confirmed as benign, suggesting it is used for phishing or malware distribution. The document body, though heavily obfuscated, appears to be a lure related to a product manual.
Machine Learning
- Nyx PDF Classifier malicious score 0.9996
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://golowaki.ru/strik?utm_term=pebble+smartwatch+301bl+manual PDF link annotation
- http://www.ascendercorp.com/In PDF document text
- http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
- https://uploads.strikinglycdn.com/files/6d61e7b3-2ef3-4e38-b52b-3b611cb54d6e/jerokifax.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/021f80e1-34ac-4b52-a0a9-707a7de17994/kalurimudowofemikojo.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/7124ad2a-2474-4267-9ba8-bf33f7749998/23801443475.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/cec20197-7ea0-4649-92cb-d083d53816f0/12629238064.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/d17a0cbd-a009-43d7-bc34-a3b54b46016b/char_broil_grill2go.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/af9ff27e-47c1-4b2d-9835-ea8e6497f0c2/adele_someone_like_you_chords_c.pdfIn PDF document text
- https://s3.amazonaws.com/xakusineba/3_words_8_letters_say_it_and_im_yours_episode.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/279b6194-82c8-4d8c-be54-6145dcc46442/57722975427.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/3616699c-44f7-439e-b449-c2118fe0d61f/viluzadogerolaxe.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/044bf67e-556d-4f6c-a23e-122be1b148b0/31915685132.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/cfde8f37-a701-419e-a8d0-e3eabddc8af6/gagojesowolum.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/80b5f181-841d-4b3e-9079-4c44871411f6/licensed_therapeutic_foster_parent.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/3b2fc2a8-d3d1-4aa1-8ff2-e7345e9416d2/baby_bjorn_chair_weight_limit.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/8707a385-80a9-4fcb-8de3-c48c42aa7275/percy_jackson_greek_heroes_hardcover.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/94ac6381-72e3-4741-9137-96e79a101952/beats_solo_3_special_edition_rose_gold.pdfIn PDF document text
- https://s3.amazonaws.com/gurafoga/kusuga.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/de443a73-a610-4b58-b675-f33cb43a8664/photoshop_books_hindi_free_download.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/100368be-4e99-4b85-92ec-8b2babf01538/pet_sematary_book_review_no_spoilers.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/1e85daa0-fcdb-4ae5-8ee4-1583e599dd41/links_awakening_remake_review_embargo.pdfIn PDF document text
- https://s3.amazonaws.com/xovekolamoxe/can_i_get_tomtom_maps_for_free.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/aad494c0-3c0e-4ef7-a62d-ae736508c626/dr_zhivago_synopsis_book.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/c4136584-fba8-419d-b515-0b47b7221dbb/philips_lifeline_npi_number.pdfIn PDF document text
- http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
- http://purl.org/dc/elements/1.1/In PDF document text
- http://ns.adobe.com/pdf/1.3/In PDF document text
- http://ns.adobe.com/xap/1.0/In PDF document text
- http://ns.adobe.com/xap/1.0/mm/In PDF document text
- http://ns.adobe.com/xap/1.0/rights/In PDF document text
- http://scripts.sil.org/OFLIn PDF document text
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000f127.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xF127 | 5632 bytes |
SHA-256: ee2dabd315f43d2bc4a9a69572bd43c6a855937a36cf0472de8e159571157553 |
|||
font_01_sfnt_off00010435.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x10435 | 10672 bytes |
SHA-256: f73b656af30d70bea9c1416c09fc5d98a077ce90013e92702b01498ae2206ca1 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.