MALICIOUS
96
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file was flagged as malicious by ML classifiers and ClamAV, indicating a high likelihood of malicious intent. It contains an embedded URL pointing to 'kuzutuzo.ru', which is likely part of a phishing or malware distribution scheme. The document body, though heavily obfuscated, suggests a lure related to 'Harbor freight drill press keyless chuck', possibly to trick users into clicking the malicious link.
Machine Learning
- Nyx PDF Classifier malicious score 0.9996
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://kuzutuzo.ru/strik?utm_term=harbor+freight+drill+press+keyless+chuck
- https://cdn-cms.f-static.net/uploads/4388424/normal_60322e7699e51.pdf
- https://cdn.sqhk.co/pavujakorige/ijbwhbF/lesson_plan_teaching_learning_process.pdf
- https://vopukuno.weebly.com/uploads/1/3/1/3/131383764/7924759.pdf
- http://yandex-delivery.cc/qualitative_research_versus_quantitative_research0leqd.pdf
- https://cdn-cms.f-static.net/uploads/4489607/normal_60199a6359575.pdf
- https://cdn.sqhk.co/wakewafo/4Fheja5/hammer_and_nail_gift.pdf
- https://katifakemu.weebly.com/uploads/1/3/1/3/131381151/lanewinafad.pdf
- https://static.s123-cdn-static.com/uploads/4487906/normal_5ff5b09d01de5.pdf
- https://cdn-cms.f-static.net/uploads/4422135/normal_602456ef4e411.pdf
- https://cdn.sqhk.co/sopiloroda/8jfDeN9/49804092368.pdf
- https://static.s123-cdn-static.com/uploads/4464734/normal_60094f0ef2f59.pdf
- https://static.s123-cdn-static.com/uploads/4384145/normal_5fe5890ad4cd5.pdf
- https://cdn-cms.f-static.net/uploads/4427526/normal_605c8560be820.pdf
- https://nuvitofoje.weebly.com/uploads/1/3/4/6/134640236/bedusebowajojez-pisavel-situbajogo.pdf
- http://baykamif.space/nizutop2tp38.pdf
- https://cdn.sqhk.co/gukitane/khjd78H/dunukadezip.pdf
- https://cdn.sqhk.co/didatife/fYibnhf/23665318022.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://s3.amazonaws.com/faluzotixupi/59798748708.pdf
- https://s3.amazonaws.com/feliso/feedback_analysis_report_format.pdf
- https://s3.amazonaws.com/tojabixefova/advance_directive_template_word.pdf
- https://s3.amazonaws.com/tufujifinobiro/chhichhore_movie_songs_pagal.pdf
- https://s3.amazonaws.com/nimuwet/xofejebewuguwebokigudute.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000110a4.bined20d094f7c186d7998439344182c372767df860b3583df6785e850e963b02f8 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x110A4 | 5684 bytes |
font_01_sfnt_off000123f7.bine12d958188690a2abf4a6e4a27529255c92a0c70a456307b9015a9d34856b819 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x123F7 | 12908 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.