MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file was flagged as malicious by ML classifiers and ClamAV, indicating a high likelihood of malicious intent. It contains numerous embedded URLs, with the primary one being 'https://maypoin.ru/wix?keyword=test+drive+unlimited+2+mods+download', suggesting a phishing or credential harvesting attempt disguised as a download link. No scripts were extracted, but the presence of external URIs points towards a downloader or phishing lure.
Machine Learning
- Nyx PDF Classifier malicious score 0.9991
Heuristics (4)
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://maypoin.ru/wix?keyword=test+drive+unlimited+2+mods+download
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000d8d9.bin 2098d221d18bf6cc98059ec89d965afeb710f6711cf1461f51da48c4abd23328 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xD8D9 | 5204 bytes |
| font_01_sfnt_off0000ea85.bin aa7e41c7c377133b43241a930be6cb22c807fc6ce10ac2a21ab03161878c9367 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xEA85 | 10348 bytes |