MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file contains an embedded URL that leads to a suspicious domain, identified by ClamAV as Pdf.Phishing.Trojan. The ML classifier also flagged this PDF with high confidence. The document body, though heavily obfuscated, appears to be a lure related to 'Sri rudram meaning in telugu', aiming to trick users into visiting the malicious URL.
Machine Learning
- Nyx PDF Classifier malicious score 0.9880
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
- URL: https://jacksth.ru/strik?utm_term=sri+rudram+meaning+in+telugu (PDF link annotation)
Extracted artifacts 4
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off000170d5.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x170D5 | 5072 bytes | ef03e9158ebfc5bf654cc2670bf7c20fc903e31ec5454958e35bb60148e05bf5 |
| font_01_sfnt_off000181f8.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x181F8 | 2140 bytes | bd0784ee9876bc41ae9331b4caf9baef264e0407ad23fd824191b90179f213f9 |
| font_02_sfnt_off00018b69.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x18B69 | 85172 bytes | 1a505f16d03ff5e5c7818e97ba924125618116f3eb43583da9b8f2a58a53fe89 |
| font_03_sfnt_off00021dba.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x21DBA | 9720 bytes | 71759159c11797d6b0370115461e1e1aa4eed5d86109d84ddad76a9586c25daf |