Verdict: MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK:
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The file is identified as malicious by ML classifiers and ClamAV, indicating a high likelihood of malicious intent. The presence of an external URI pointing to 'bologen.ru' suggests an attempt to redirect the user to a potentially harmful site. Although no scripts were explicitly extracted, the PDF structure and heuristic firings indicate it's designed to exploit vulnerabilities or trick users into visiting malicious URLs.
Machine Learning
- Nyx PDF Classifier: malicious score 0.9314
Heuristics (4)
- ClamAV detection (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted URLs (source channel in parentheses):
- https://bologen.ru/123?utm_term=banana+flower+hd+images (PDF link annotation)
- http://rukozhop-guide.com/does_the_bible_explain_free_willium1f.pdf (in PDF document text)
- https://cdn.sqhk.co/junikesiza/bjghgja/.pdf (in PDF document text)
- http://arenaprobet.com/best_vegan_pistachio_ice_cream_recipedbzrg.pdf (in PDF document text)
- http://quinzsy-studio.design/nozobulaweresafomaba8l307.pdf (in PDF document text)
- https://cdn.sqhk.co/dedogupazib/gdYwVie/nolababodigol.pdf (in PDF document text)
- https://cdn.sqhk.co/kajutizikodu/jirijic/534641596.pdf (in PDF document text)
- https://cdn.sqhk.co/wituwuxevef/RiarCEs/barca_vs_real_madrid_match_report.pdf (in PDF document text)
- https://cdn.sqhk.co/lokalofobox/Bx9R9hh/fc_barcelona_logo_wallpaper_android.pdf (in PDF document text)
- http://tryadasert.online/1493709551702lr9.pdf (in PDF document text)
- https://cdn.sqhk.co/nixafusoda/icicrJv/logefoputetubiwerawute.pdf (in PDF document text)
- http://www.ascendercorp.com/ (in PDF document text)
- http://www.ascendercorp.com/typedesigners.html (in PDF document text)
- https://s3.amazonaws.com/jifesu/pijegopadakigowofuf.pdf (in PDF document text)
- https://s3.amazonaws.com/nevowimo/canmat_isbd_guidelines.pdf (in PDF document text)
- https://uploads.strikinglycdn.com/files/db94fbbf-5311-4385-a155-7377caab64b6/15674713083.pdf (in PDF document text)
- https://s3.amazonaws.com/vawoginele/lasagna_sheets_recipe_indian.pdf (in PDF document text)
- https://uploads.strikinglycdn.com/files/bf314da2-8862-4c1c-8f50-f97f2e24a406/how_to_fail_at_almost_everything_and_still_win_big_audiobook.pdf (in PDF document text)
- https://uploads.strikinglycdn.com/files/a5c039f0-93f4-4ed2-898d-f34d2bd26a5c/who_is_tony_in_season_3_of_the_crown.pdf (in PDF document text)
- https://s3.amazonaws.com/zunaporam/73624526024.pdf (in PDF document text)
- https://s3.amazonaws.com/vufupu/77968405442.pdf (in PDF document text)
- https://s3.amazonaws.com/bisazabe/53157207701.pdf (in PDF document text)
- https://uploads.strikinglycdn.com/files/1537fde5-c359-46b9-87c1-343f4a01ebfc/xusawitite.pdf (in PDF document text)
- https://s3.amazonaws.com/pujirageg/fagabo.pdf (in PDF document text)
- https://s3.amazonaws.com/sojuravewi/46124505893.pdf (in PDF document text)
- https://s3.amazonaws.com/zuwosil/adobe_audition_music_editor_free.pdf (in PDF document text)
- http://www.w3.org/1999/02/22-rdf-syntax-ns# (in PDF document text)
- http://purl.org/dc/elements/1.1/ (in PDF document text)
- http://ns.adobe.com/pdf/1.3/ (in PDF document text)
- http://ns.adobe.com/xap/1.0/ (in PDF document text)
- http://ns.adobe.com/xap/1.0/mm/ (in PDF document text)
- http://ns.adobe.com/xap/1.0/rights/ (in PDF document text)
- http://scripts.sil.org/OFL (in PDF document text)
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0004e622.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x4E622 | 5464 bytes | b982e1d02befd3cbe8b004ddf2370333543f85b8e2c2f03732c0d5c23ceeace6 |
| font_01_sfnt_off0004f8a2.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x4F8A2 | 12492 bytes | b9bb679600d3e9438090dfbe2243f3a4250a948d8564eb553545cd605c858dd3 |