MALICIOUS
96
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The file is a PDF that contains an embedded URL pointing to a suspicious domain, likely intended to trick users into downloading further malicious content. The ML classifier and ClamAV detection strongly indicate malicious intent, classifying it as a phishing trojan. No scripts were extracted, but the presence of an external URI and the overall detection profile suggest a phishing lure.
Machine Learning
- Nyx PDF Classifier malicious score 0.9992
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://soxebez.ru/123?utm_term=essential+oils+desk+reference+pdf+free
- https://cdn-cms.f-static.net/uploads/4387056/normal_6041cf0850ca6.pdf
- https://static.s123-cdn-static.com/uploads/4444646/normal_5ffcf7899599a.pdf
- https://cdn-cms.f-static.net/uploads/4420250/normal_6039166f1fb14.pdf
- https://cdn-cms.f-static.net/uploads/4460255/normal_602abad0deffa.pdf
- http://kamikofonem.mygamesonline.org/warriners_english_grammar_and_composition_fourth_course.pdf
- https://cdn-cms.f-static.net/uploads/4366982/normal_601a05b91cd67.pdf
- http://virona.org/kowisofobokusewexawuyl8gq.pdf
- http://card2card-perevod24.site/rukojeghlsq.pdf
- http://takovevagagiv.scienceontheweb.net/gavevobuzujetokomevaxunon.pdf
- https://static.s123-cdn-static.com/uploads/4487626/normal_600824a46daac.pdf
- https://cdn-cms.f-static.net/uploads/4417834/normal_6015d3db3a378.pdf
- http://jepisafidezegun.scienceontheweb.net/how_to_teach_a_child_5_senses.pdf
- http://gukevipagopu.mywebcommunity.org/texas_instruments_ti-30x_iis_solar.pdf
- https://static.s123-cdn-static.com/uploads/4417226/normal_5fecc02e60cce.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://s3.amazonaws.com/retobifulipo/35624142419.pdf
- http://jezevenakos.myartsonline.com/73206319224.pdf
- https://s3.amazonaws.com/xamibebulosaxug/98229407432.pdf
- https://s3.amazonaws.com/kaxukok/33353149924.pdf
- https://s3.amazonaws.com/xeroguru/90093359436.pdf
- https://s3.amazonaws.com/magapeguwabe/sotugavilomitidawovi.pdf
- https://s3.amazonaws.com/fuwuzerijofa/90086563721.pdf
- https://s3.amazonaws.com/mikibetiv/78106229967.pdf
- https://s3.amazonaws.com/fodose/39869386606.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000fbe4.bin4af9b470fd300308d5b9be6788920f17505d4dccd8ed8bcb8e6ae3dc5faf359d |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xFBE4 | 5168 bytes |
font_01_sfnt_off00010d8f.binc267517c1851192bdfa100046c4249fff2e6f7a7000019cfe82f734387fa8f38 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x10D8F | 10616 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.