Verdict: MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The PDF file was flagged by a machine learning classifier and ClamAV as malicious, with a high risk score. It contains an embedded URI pointing to a suspicious domain, likely intended to trick the user into downloading a malicious file. The document body, though heavily obfuscated, suggests a lure related to a book PDF, further supporting a phishing or social engineering attack vector.
Machine Learning
- Nyx PDF Classifier malicious score 0.9996
Heuristics (4)
- ClamAV (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Hash | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off000122c4.bin | 24495f623bb6e5cf141f9518e4589d2edc8227b75b665fd64bf91236e226e2f4 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x122C4 | 5200 bytes |
| font_01_sfnt_off00013441.bin | 4a0504a10ad2e414a0273fd245a0cdd653b017cbef88e75b13b3f78ec9664764 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x13441 | 11604 bytes |