Verdict: MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000c5a5.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xC5A5 | 5596 bytes | f5359d6a5528cc1ba1d4ea6dfe1a370f167044ea4738da11afa0ababe5ba387d |
| font_01_sfnt_off0000d891.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xD891 | 10308 bytes | 149e29e2e9d26ad7ac2e7ba9fa02e8ba7144d6c5153274ec53a2929b7221f876 |