MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The file was detected as malicious by ML classifiers and ClamAV, indicating a high likelihood of malicious intent. The PDF contains an embedded URI pointing to a suspicious domain, likely intended to redirect the user to a phishing or malware distribution site. While no scripts were explicitly extracted, the PDF structure and embedded URI suggest an attempt to exploit users through a phishing lure.
Machine Learning
- Nyx PDF Classifier malicious score 0.9996
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000f322.bin 0eceb115171cce4c0ced6ebb526d53aaefaf990ee9dd8249c5b4a6d8848aaae0 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF322 | 5440 bytes |
| font_01_sfnt_off00010596.bin 3b9c48b44e17bb66747d4a0e3248ac1f9197417220d86bf20ba912b1cffe998b | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10596 | 10456 bytes |