MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9993
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 [critical] CLAMAV_DETECTION: ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI [info] PDF_URI: PDF contains an external URL action.
- Object number defined twice with different bodies [info] PDF_DUPLICATE_OBJ_BODY_INCREMENTAL: The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL [info] EMBEDDED_URL: One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://bologen.ru/123?utm_term=facebook+video++iphone+8 (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000e824.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE824 | 5268 bytes | ecaa35b0c215267af920843dc91d13032c28d878e282d1c164821a249491deda |
| font_01_sfnt_off0000fa15.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFA15 | 10700 bytes | 5f6e07d224d7ceb3463b7a8fdc30c76b8fc1afb74d5e821d7a85450ff797d667 |