MALICIOUS
96
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The file is a PDF document flagged as malicious by ClamAV and an ML classifier. It contains an embedded URL pointing to 'https://soxebez.ru/123?utm_term=aida64+sensor+panel+s', which is likely used to deliver a secondary payload or redirect the user to a phishing site. The document body, though heavily obfuscated, suggests a lure related to software information or downloads.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://soxebez.ru/123?utm_term=aida64+sensor+panel+s
- https://cdn-cms.f-static.net/uploads/4382613/normal_60254d1782bdb.pdf
- https://static.s123-cdn-static.com/uploads/4373999/normal_5feb5c2159d57.pdf
- https://cdn-cms.f-static.net/uploads/4453730/normal_5fd8dc6bea996.pdf
- http://manamuposa.getenjoyment.net/10320977413.pdf
- http://devigebogubiret.getenjoyment.net/99517184220.pdf
- https://cdn-cms.f-static.net/uploads/4418167/normal_5fdacb2f93bad.pdf
- http://goladelexugezi.sportsontheweb.net/aprende_ingles_con_canciones_hotel_california.pdf
- https://static.s123-cdn-static.com/uploads/4443812/normal_5fc6bfe384c04.pdf
- http://jisuvakuwiraza.medianewsonline.com/tijolobo.pdf
- http://zodimasar.mypressonline.com/tofazuxixowagajonijumigo.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://uploads.strikinglycdn.com/files/a9b32060-db78-4d39-8eae-078b20c8cf2a/wujimusipa.pdf
- https://uploads.strikinglycdn.com/files/49c9f6be-d7e0-4bd4-81f6-8f40946baaef/wsjt-x_2.1.0_manual.pdf
- http://zalatikewal.atwebpages.com/amnistie_fiscale_maroc_2020.pdf
- https://uploads.strikinglycdn.com/files/02f3d86f-5655-4a97-9584-74e1201f4e7c/medenapulemires.pdf
- https://uploads.strikinglycdn.com/files/6dd17c0d-a84b-4547-883c-02eabc732787/88959510835.pdf
- https://uploads.strikinglycdn.com/files/07291002-5933-4a87-89c9-320a77f60f31/wudadizesu.pdf
- https://uploads.strikinglycdn.com/files/d6b39e1f-9dd4-4de8-8755-2076ee7e1ca1/sijuzukaropinemirawelexaw.pdf
- http://jaweratiz.atwebpages.com/navodaya_registration_form.pdf
- https://uploads.strikinglycdn.com/files/154c4f20-edc0-46d0-acd1-18c4dd3182f1/18042420071.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00010008.bind760c4eb7eecbb8c03f8541074776d7484ac0c3f4adbf9ad4b5414b059bd02f5 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x10008 | 5184 bytes |
font_01_sfnt_off000111bc.bin0e4745196afea3eba9aeb4df44dff55edff011267fae711699223461ec29d11f |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x111BC | 11380 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.