MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics (4)
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - URL https://crophysi.ru/strik?utm_term=the+new+season+game+of+thrones (PDF link annotation)
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000f5a6.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF5A6 | 5192 bytes | be9637e87f67ab79bdfe97c90a018aa111f72b5ae1f69b4a25d67123d2c3eed0 |
| font_01_sfnt_off0001073b.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1073B | 11104 bytes | f63156c382871fc00f6d4ef3e239f439b03ad4b7b848017716a4cc1883f44cf8 |