MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The file is a PDF document that contains an embedded URL, which is a common tactic for phishing attacks. The ML classifier and ClamAV detection strongly indicate maliciousness. The document body, though heavily obfuscated, appears to be a lure related to appliance troubleshooting, likely intended to trick users into clicking the malicious link.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://gimoguvi.ru/aws?utm_term=samsung+dryer+model+dv45h7000ew%252Fa2+troubleshooting
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000ef64.bin 040e22ae2e5fa344d78152558b92d09f5be2d0b08a9c010b686010766e2cea79 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xEF64 | 6340 bytes |
| font_01_sfnt_off000104f2.bin d38510ac50aaef26861ac4270c3c32280429ad1833a1b554fb883692da977a37 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x104F2 | 10940 bytes |