MALICIOUS
96
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The file was detected as malicious by ClamAV and an ML classifier, indicating a high likelihood of malicious intent. The presence of an embedded URI pointing to 'jumiwimov.ru' suggests a phishing or malware distribution attempt. Although no scripts were explicitly extracted, the PDF structure and embedded URLs are indicative of a common attack pattern where users are directed to external malicious sites.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://jumiwimov.ru/strik?utm_term=is+mars+heaven
- https://cdn.sqhk.co/jebavimot/hhAgjhf/bow_target_shooting_arrows.pdf
- http://alcexpress1.xyz/gun_strike_blood_shoot_game_downloadxwpgj.pdf
- https://cdn.sqhk.co/sesijisova/ekhgiSZ/paint_by_numbers_online.pdf
- http://feedbacrnz.space/eat_it_all_gifsvx8c.pdf
- http://fotonagosuslugi-01.space/60864827881mblpv.pdf
- http://qqkaxes.xyz/lepexozls73.pdf
- http://gufutaca3.xyz/jaxovavifepajogauj5.pdf
- https://cdn.sqhk.co/bimepefav/cif7aUY/flickr_unavailable_apple_tv.pdf
- https://cdn.sqhk.co/wuxobilan/hHRQTha/gegugirimapowarizipala.pdf
- https://cdn.sqhk.co/dapumexader/yjcGidm/xixiduv.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://uploads.strikinglycdn.com/files/3be26ad4-6516-4483-abe7-b3fe59407b9d/what_does_gta_5_premium_online_edition_give_you.pdf
- https://1e1f235d-56dd-4976-b20d-d38e3fe7b172.filesusr.com/ugd/210b45_6e043b7d61df44bebd81249e4a923105.pdf?index=true
- https://s3.amazonaws.com/wobuzisibal/bteb_admission_form.pdf
- https://35e1cc1d-5f6c-4a41-9b1b-b9ae8dddc97a.filesusr.com/ugd/351eee_ab05ff319a9a40439ab78a901a5d5774.pdf?index=true
- https://s3.amazonaws.com/jezaxojipevu/rusomatire.pdf
- https://cdfb6f36-dde2-4af5-b3b7-55ff39976061.filesusr.com/ugd/c6ac46_2368509ca10b43d1a933b8c420815d60.pdf?index=true
- https://uploads.strikinglycdn.com/files/d3cd2ba8-0f18-49c5-9d87-b4ccfaf95422/36232020900.pdf
- https://154530d8-637b-49d0-b90a-43bf07a176fb.filesusr.com/ugd/59359a_01823f7b291048b6814088ce130fce89.pdf?index=true
- https://uploads.strikinglycdn.com/files/4306e892-f664-4d27-a9fd-20bac6066974/what_literary_devices_are_used_in_the_tempest.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000f154.bincc685349c075e54e348d61d00dd2de1fde71631216f204ad9abb2ae5355d9539 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xF154 | 4892 bytes |
font_01_sfnt_off000101cb.bin519e4fb5a0db6352aad249d2868eb7f7c72e3b82317f2b5d3c40b1a75cc04736 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x101CB | 11052 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.