MALICIOUS
96
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file was detected as malicious by ML classifiers and ClamAV, with a specific ClamAV detection of 'Pdf.Phishing.Trojan'. The document body, though heavily obfuscated, contains text related to a 'Blaze pizza job application pdf', suggesting a social engineering lure. The primary IOC is an external URI pointing to 'jumiwimov.ru', which is likely the destination for the phishing or malware download.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://jumiwimov.ru/award?keyword=blaze+pizza+job+application+pdf
- http://nakodinita.scienceontheweb.net/8094108992.pdf
- http://betixisu.22web.org/b._e._d_jacquees_remix.pdf
- https://static.s123-cdn-static.com/uploads/4382972/normal_5fc5f555bd191.pdf
- https://cdn-cms.f-static.net/uploads/4498404/normal_600c876842903.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- http://xugivikiseb.rf.gd/20765450890.pdf
- https://5b0e1d79-1acc-45ba-a965-31015372eee8.filesusr.com/ugd/67f5f7_ce9e3436069b46f0898fddf1cc9f8925.pdf?index=true
- https://uploads.strikinglycdn.com/files/a8b77b18-f235-4a33-be05-3d0e54b84541/80835326745.pdf
- https://32cf4326-ba62-484c-a3ca-05d02c2dd2e5.filesusr.com/ugd/0b46e6_2e50bb18a70349ff91523dbbd9f00b48.pdf?index=true
- http://waxukoke.epizy.com/cyberflix_tv_apk_app.pdf
- http://sulenovigadi.myartsonline.com/article_136_of_limitation_act.pdf
- https://fe2b84af-b373-48e0-a714-f820169e3fe9.filesusr.com/ugd/ed1d2e_e419b496c8724b298f28d436f027559e.pdf?index=true
- http://redifigikutusoj.myartsonline.com/45368794625.pdf
- http://lozepis.epizy.com/attack_on_titan_season_3_part_2_review.pdf
- https://uploads.strikinglycdn.com/files/3ba7d8a0-20af-4a12-b03d-1e13904ef1fd/what_does_chinese_character_mean.pdf
- https://44bb6ee8-a0fe-4f72-890f-0f0a2fec05cf.filesusr.com/ugd/b65acf_1c7985d88cd343cc9f3434f40176dc01.pdf?index=true
- http://pigimefupe.epizy.com/cassation_decision_volume_15.pdf
- https://uploads.strikinglycdn.com/files/592300de-67db-4c19-be42-758f17d4c623/boye_scarf_loom_patterns.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000f1a6.bin80b6b72f678b1ee1dbe627b5cdd337837b2e020a8ae1a764871d176f239d8861 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xF1A6 | 5188 bytes |
font_01_sfnt_off00010368.bin58787094f82be58048c8549428effa0c5071c7abde20b09b2d6a2a2cf7d9ed3d |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x10368 | 11476 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.