MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The file is a PDF document that contains an embedded URL pointing to a suspicious domain. Heuristics indicate the presence of external URIs, and an ML classifier flagged the PDF as malicious. ClamAV also detected it as Pdf.Phishing.Trojan. The embedded URL likely serves as a lure to a phishing or malware distribution site.
Machine Learning
- Nyx PDF Classifier malicious score 0.9957
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://catamma.ru/pbw?utm_term=5+senses+used+in+descriptive+writing (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off00010f61.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10F61 | 5180 bytes | a298ba10fd1e8b7c14afe00d30bc752c324a6d19ae5f97f40d09b5dca3671729 |
| font_01_sfnt_off0001212a.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1212A | 10412 bytes | 5826953da59b0af969c1c42b2023e829d4dba568d877c7f0529aad4e8c953531 |