MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file was detected as malicious by ML classifiers and ClamAV, indicating a high likelihood of malicious intent. It contains an embedded URI pointing to 'zajinet.ru', which is likely part of a phishing or malware distribution scheme. Although no scripts were explicitly extracted, the PDF structure and embedded URLs suggest it's designed to trick users into visiting a malicious site, potentially leading to further compromise.
Machine Learning
- Nyx PDF Classifier malicious score 0.9996
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL https://zajinet.ru/strik?utm_term=madame+butterfly+book+pdf
Extracted artifacts 4
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off000167e6.bin 43a0bdbc0fff2cb2b1de95bd4c328e309a2339dbde2dba50fb0f847d396e2e69 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x167E6 | 4888 bytes |
| font_01_sfnt_off00017902.bin fa10e0b25202c11931685c3af7168a0eca90aab7144d93992c2a36281effb8cd | pdf-font-stream | PDF embedded font (sfnt) at offset 0x17902 | 5048 bytes |
| font_02_sfnt_off00018a42.bin 7a3bf946e791de18096d29c3c9173d36c07ae91ae4b97b090a7bb770354e23cb | pdf-font-stream | PDF embedded font (sfnt) at offset 0x18A42 | 12260 bytes |
| font_03_sfnt_off0001b230.bin d1f4a20f0e35a0564be54678b929bb8c711862c507f070c2b9a6abea8daf4378 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1B230 | 4324 bytes |