Verdict: MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file contains an embedded URL that directs users to a site offering a 'free vpn proxy super vpn unblock master apk download'. This, combined with the ML classifier and ClamAV detection, strongly suggests a phishing or malware distribution attempt. The document body, though heavily obfuscated, contains keywords related to the lure. No scripts were extracted, but the presence of an external URI points to malicious intent.
Machine Learning
- Nyx PDF Classifier malicious score 0.9988
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 [critical, CLAMAV_DETECTION]: ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI [info, PDF_URI]: PDF contains an external URL action
- Object number defined twice with different bodies [info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL]: The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL [info, EMBEDDED_URL]: One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://midufefew.ru/strik?utm_term=free+vpn+proxy+super+vpn+unblock+master+apk+download (PDF link annotation)
Extracted artifacts 5
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000f73f.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF73F | 5536 bytes | 598f9666644133670d5102ddb11be5dda8bea11923f910acb902df9cd903b780 |
| font_01_sfnt_off00010a05.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10A05 | 1648 bytes | db10b07aa1ba911afaf060b12e2cde8c70dbbf9941f30369d108722010ce9547 |
| font_02_sfnt_off0001124f.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1124F | 10912 bytes | aed215bd15f0f83af723044d416e1af00b54b41b9a70cb1cb9a213cae5883af9 |
| font_03_sfnt_off000137d2.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x137D2 | 16092 bytes | c9557d91917e40dbb2ce09b7ef560a04a9a832ffe2ebcac6b50408a58351272e |
| font_04_sfnt_off00014c9a.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x14C9A | 4324 bytes | 4fcfa7c68d76e23b667942a3ac892d2d5d88346478daafc61479ad4df4af3dd3 |