MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The file was detected as malicious by ML classifiers and ClamAV, specifically flagged as a phishing trojan. An external URI pointing to 'traffking.ru' was extracted, indicating a likely attempt to redirect the user to a malicious site. The document body, though heavily obfuscated, contains strings that may be part of a lure.
Machine Learning
- Nyx PDF Classifier malicious score 0.9996
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://traffking.ru/123?utm_term=port+authority+hat+c818
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000ae49.bin 20e3242cb32ce5cff78029100ace346505d9aa3198485875c591d020c8ad066d | pdf-font-stream | PDF embedded font (sfnt) at offset 0xAE49 | 5024 bytes |
| font_01_sfnt_off0000bf65.bin c370c85e59255034c1ec24fa5b3613f0f3f2009de65f182e633448b9b48a4627 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xBF65 | 9904 bytes |