MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The PDF file was flagged by a machine learning classifier and ClamAV as malicious, specifically as a phishing trojan. It contains an embedded URI pointing to 'traffset.ru', which is likely part of a phishing or malware distribution scheme. The document body, though heavily obfuscated, suggests a lure related to 'Parking Fury unblocked 3', indicating a social engineering attempt to drive traffic to the malicious URL.
Machine Learning
- Nyx PDF Classifier malicious score 0.9976
Heuristics (4)
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION). ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI). PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL). The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL). One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - https://traffset.ru/strik?utm_term=parking+fury+unblocked+3 (PDF link annotation)
Extracted artifacts (3)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000ca1a.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xCA1A | 5284 bytes | 48dd2e5aa8facb4b0ac4e1639bf1e86118a12fa03f40af1bb271e289a42f6b61 |
| font_01_sfnt_off0000dc1b.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xDC1B | 10192 bytes | 6bdc0e5f3ee2206e9935a232dc8fd83c92506825161efa95bc5af62b172978fb |
| font_02_sfnt_off0000fec7.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFEC7 | 4324 bytes | 0d0f64e27578eb124b8bc81c7eceacdd166e22eddd95c81328e9fbd7de2a6333 |