Risk Score: 126 (MALICIOUS)
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The PDF document contains heuristics indicating it is a phishing lure, specifically requesting recovery secrets or private keys. It also embeds external URLs, one of which is associated with a known phishing domain. Although no scripts were explicitly extracted, the PDF structure and embedded URLs suggest an attempt to redirect the user to a malicious site for credential harvesting or to download further malware.
Machine Learning
- Nyx PDF Classifier suspicious score 0.4570
Heuristics (5)
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Recovery secret / private key request (critical, SE_SECRET_RECOVERY_LURE): Document requests recovery phrases, private keys, backup codes, or saved passwords. Requests for these secrets in a document are high-risk.
- External URI (info, PDF_URI): PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - https://midufefew.ru/123?utm_term=google+data+engineer+certification+study+guide (PDF link annotation)
Extracted artifacts (3)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off000a3a99.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xA3A99 | 5320 bytes | d03c49c9c3593cb3bd9d67566a80683790fb4772d3d138b68a4d7d64efa33a5f |
| font_01_sfnt_off000a4cdc.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xA4CDC | 13176 bytes | 82d058dca479dabddb5291756acacc097c24f9fcd590f47f66251e0b8c4e99bd |
| font_02_sfnt_off000a7a19.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xA7A19 | 16348 bytes | a65d9113154d50448ea1887457dec59ac5940d99b5d029e54fec5e45ca7787b5 |