Verdict: MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9994
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
- https://xezojetit.ru/strik?utm_term=astronomical+almanac+for+the+year+2021+pdf (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000f9c8.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF9C8 | 5812 bytes | 09eb03469632480f6a71b126f0ad2cb2ac3d893b4cef4a5e57671a89b21e3669 |
| font_01_sfnt_off00010d73.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10D73 | 11496 bytes | cf169ae4f2335eeac954c35b7cafa6f81f40f89746b99f5e3de6fc180bdfbae6 |