Verdict: MALICIOUS
Risk Score: 94
Malware Insights
MITRE ATT&CK
T1203 Exploitation for Client Execution
T1566.001 Spearphishing Attachment
The sample is a PDF file flagged by ML classifiers and heuristics indicating malicious intent. It contains external URIs and is related to CVE-2023-26369, suggesting it exploits a known vulnerability for client execution. The high stream count also points to obfuscation techniques commonly used in malicious PDFs.
Machine Learning
- Nyx PDF Classifier malicious score 0.7909
Heuristics (4)
- TrueType bitmap font + active content, CVE-2023-26369 related (high, PDF_CVE_2023_26369_RELATED): PDF embeds a TrueType font with bitmap tables (EBDT/sbix/CBDT) alongside exploit delivery indicators. CVE-2023-26369 exploits the sfac_GetSbitBitmap function in Adobe's libCoolType for arbitrary code execution. This CVE was actively exploited in the wild, but this rule does not validate the malformed EBLC/EBDT primitive.
- Unusually high stream count (medium, PDF_MANY_STREAMS): PDF contains 501+ stream objects; may indicate heap spray or heavy obfuscation.
- External URI (info, PDF_URI): PDF contains an external URL action.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
URLs
- http://www.mrcet.ac.in/
- http://www.tantel.ca/Lathe..html&h=600&w=800&sz=152&hl=en&start=7&usg=__pyDvMQe0ACg4h7GOKBKndRZkgLg=&tbnid=X0Cv663g0m2OJM:&tbnh=107&tbnw=143&prev=/images?q=lathe&gbv=2&hl=en
- https://www.electronicshub.org/temperature-controlled-system/
- https://www.electronicshub.org/reverse-parking-sensor-circuit/
- https://www.electronicshub.org/street-light-that-glows-on-detecting-vehicle-movement-using-ir-sensor/
- https://www.electronicshub.org/portable-ultrasonic-range-meter/
- http://www.fourslide.com/images/products/smallparts.jpg
- http://158.132.205.160/Digital_Factory/arts/pix/DF_layout.gif
- http://www.piaggioaero.com/immagini/pagine/Sito%20Flash/Products/focus_point_assemblyline.jpg
- http://halmapr.com/news/elfab/files/2007/11/inspection-cropped.jpg
- http://www.hghouston.com/images/testing.jpg
- http://www.fileguru.com/images/b/automatically_schedule_your_employees_to_3_shifts_business_scheduling-9055.jpeg
- http://www.manaresults.co.in/
- http://ocsp.verisign.com
- http://images.google.ie/imgres?imgurl=http://powerpressindia.com/images/250k1.jpg&imgrefurl=http://powerpressindia.com/&h=381&w=335&sz=44&hl=en&start=21&usg=__ZT0dLkOASKOu6WlC3fV9G4Zc1zs=&tbnid=UcF25LD6t9YhCM:&tbnh=123&tbnw=108&prev=/images?q=power+press&start=18&gbv=2&ndsp=18&hl=en&sa=N
- http://images.google.ie/imgres?imgurl=http://www.tantel.ca/Images/Lathe/Lathe
- http://product-image.tradeindia.com/00174221/b/Nickle-Plating-Plant.jpg
- http://images.google.ie/imgres?imgurl=http://www.atlasservices.us/sitebuildercontent/sitebuilderpictures/welding.jpg&imgrefurl=http://www.atlasservices.us/id10.html&h=600&w=803&sz=34&hl=en&start=2&usg=__f3T5DhyDZFz0QmIWI0G-Ri6oMuo=&tbnid=p3J0cqEOCUV6SM:&tbnh=107&tbnw=143&prev=/images?q=welding&gbv=2&hl=en
- http://images.google.ie/imgres?imgurl=http://www.conveyco.co.za/images/Home_Page/FP003.JPG&imgrefurl=http://www.conveyco.co.za/&h=434&w=540&sz=233&hl=en&start=18&usg=__2RAj_61MWnXJGYF1FkbEtjYiKd0=&tbnid=Uq1A6s-HCwPXwM:&tbnh=106&tbnw=132&prev=/images?q=conveyors&gbv=2&hl=en
- https://en.wikipedia.org/wiki/Strategic_management
- https://en.wikipedia.org/wiki/Workflow
- https://en.wikipedia.org/wiki/Business_process
- https://en.wikipedia.org/wiki/Organization
- https://en.wikipedia.org/wiki/Customer_service
- https://en.wikipedia.org/wiki/Operational_costs
- https://en.wikipedia.org/wiki/Competitor
- https://en.wikipedia.org/wiki/Holism
- https://en.wikipedia.org/wiki/Electric_current
- https://en.wikipedia.org/wiki/Hydraulic_fluid
- https://en.wikipedia.org/wiki/Pneumatic
- http://www.microsoft.com/typography/ctfonts
- http://lucasfonts.com
- http://en.wikipedia.org/wiki/MIT_License
- http://www.microsoft.com/typography/fonts/default.aspx
- http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl
- http://www.microsoft.com/pki/certs/MicrosoftTimeStampPCA.crt
- http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl
- http://www.microsoft.com/pki/certs/MicrosoftRootCert.crt
- http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl
- http://www.microsoft.com/pkiops/certs/MicCodSigPCA2011_2011-07-08.crt
- http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
- http://www.microsoft.com/pki/certs/MicRooCerAut2011_2011_03_22.crt
- http://www.microsoft.com/pkiops/docs/primarycps.htm
- http://www.microsoft.com/Typography/
- http://www.microsoft.com/typography/ctfonts
- http://fontfabrik.com
- http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl
- http://www.microsoft.com/pki/certs/MicCodSigPCA_08-31-2010.crt
- http://www.microsoft.com/typography
- http://www.microsoft.com/typography/fonts/
- http://crl.microsoft.com/pki/crl/products/CSPCA.crl
- http://www.microsoft.com/pki/certs/CSPCA.crt
+17 more URL(s)
Extracted artifacts (32)
Files carved from inside the sample during analysis.
| Filename | SHA-256 | Kind | Source | Size |
|---|---|---|---|---|
| stream_001_off00006fb5.bin | 3293f99ac12a96be868dc6c2d5dbcb78c999e6da0510a274166dc10e571bcc9d | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x6FB5 | 363652 bytes |
| stream_002_off0002e278.bin | 5c954ab5d393d4b64d6f894b31b338ce6dd01cb12f331ce5d3abbc33008a6e2c | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x2E278 | 370380 bytes |
| stream_009_off0006579d.bin | 9973c305562f8676e2346f3ad50c5e57364b2492c5358994e98581db683e59a3 | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x6579D | 61428 bytes |
| stream_014_off000785ed.bin | e04c0e73578f374b28cb28c449f3d94716920489277f6c141abadda5f102e0b2 | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x785ED | 59444 bytes |
| stream_020_off0008be24.bin | 49ecb630cef294822319ba182d27176b1e2106b6285d8a6677f7417def22e630 | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x8BE24 | 353532 bytes |
| stream_021_off000b1bff.bin | 4963371844c5f1a6f9f1b6bbad963115ad3f13454ab226088e68e04c62ec5117 | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0xB1BFF | 353584 bytes |
| stream_033_off000f9491.bin | b57dcad91a1711d5724f0c5bbd46ed141fabfdfdd2fea56a0f2d22ae6e2126f5 | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0xF9491 | 53172 bytes |
| stream_041_off00141f12.bin | 10df9f3d6c2dcf75e3573f0c2a5e3a6c3bd93dafe0300c52c878c5ad9f023c2c | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x141F12 | 333472 bytes |
| stream_048_off0016efdd.bin | 2825782b76c2bbb4885e0825b409fc2422ab902aa94ecf639ebb1a0c59a9d99e | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x16EFDD | 354980 bytes |
| stream_060_off0021305a.bin | 4fe4092b4a12bf280f6d6a1d77aed9bcb9167034857b00a5ad1274a4ee5c8008 | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x21305A | 331900 bytes |
| stream_089_off002e02da.bin | fa5ad2320cdbf6946bc9feecd263605de0c9126e40b2e59af3b4bd269b958569 | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x2E02DA | 335192 bytes |
| font_00_sfnt_off00000229.bin | ac6a19f559e47f3b4453ade3aa532f238009ebf6239367a45b866b0dfd984436 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x229 | 59968 bytes |
| font_03_sfnt_off00055b96.bin | 90691d67193d9b888f48c2704802c3e8415359e4c3926911dfac0b5538ca60a6 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x55B96 | 54208 bytes |
| font_04_sfnt_off0006babc.bin | 821feffec538842c1687626d30a5c8e4caaa4a6df9f70b4c840e6f1c4c043a84 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6BABC | 48056 bytes |
| font_05_sfnt_off0007062c.bin | 44ecd060b9b203aedfa42a59df7e0bad8b4320f585e05b4ea58de62e055a790c | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7062C | 18624 bytes |
| font_06_sfnt_off0007e384.bin | 136672707e5ef7d13dca8995080221a36d6f677bba1b89e5fd94c06dc514a8aa | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7E384 | 49232 bytes |
| font_07_sfnt_off00083197.bin | ab3a1f3deb0e4e23cde8b6d6034100aed9b74a753194cf1284bd522a80e46a03 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x83197 | 20892 bytes |
| font_09_sfnt_off000d7ae3.bin | 3aae85620a8da084c0d88daba6009b9bb6f131be5c946a99a89638f98d8eda85 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xD7AE3 | 72080 bytes |
| font_10_sfnt_off000e1750.bin | a98b99f4c5350cb2807a177c92bf5c3bdb3ef1e826c15d7bae1321e5fe1926d0 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE1750 | 90268 bytes |
| font_11_sfnt_off000ed08b.bin | 2428df7e6a90edacd13c8fa289741db4114ab71d9b49ef4366576a244d44c684 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xED08B | 28148 bytes |
| font_13_sfnt_off000fe993.bin | aeb2daf805a684fbffc0c4fc4bb80b611849c3a613cc0b2d6405f6871aea1bc1 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFE993 | 21904 bytes |
| font_14_sfnt_off001019ee.bin | e70dcc7d532c5440b752c8c0852c9573731277b550e8df18a41e9c74c84ee68f | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1019EE | 30776 bytes |
| font_17_sfnt_off0019524f.bin | 9f0bbd0cfabd03125c58e4005641f1bd18431aa90669296bd3252dcc3f11003e | pdf-font-stream | PDF embedded font (sfnt) at offset 0x19524F | 354976 bytes |
| font_18_sfnt_off001bb3a8.bin | ca6c494bb5ef9be7361cfad38425c9e5ec46bc51a29f0a9ed3e0b4866540a7f4 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1BB3A8 | 24332 bytes |
| font_19_sfnt_off001bec45.bin | 7d27afa99ab468bff8aaf207e38029c0dda888da5f9a46304be1c81fcac179ff | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1BEC45 | 358412 bytes |
| font_20_sfnt_off001d86f3.bin | 5307fe7c3c0dbc36cd1e5469dd95a7591f7e84bfe4821733a66ee9cd361f2b6f | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1D86F3 | 335900 bytes |
| font_23_sfnt_off0024394d.bin | fe786e3bf2b50b95808f1fbd051516f60855235905c744c1a219337c4ee7abdb | pdf-font-stream | PDF embedded font (sfnt) at offset 0x24394D | 346644 bytes |
| font_24_sfnt_off0025bf12.bin | bea5859a6c928bf5ec9a2dc4b263250b81e1c1f6395d09392134639b35445540 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x25BF12 | 364288 bytes |
| font_27_sfnt_off003773cd.bin | ac75669ad395dd24df743f5d59336257d84fea7594d7e2db8d2b6d6ddc61ff07 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x3773CD | 53688 bytes |
| font_29_sfnt_off00489596.bin | 3919491c16b6921682e0e7c056c55189829f97da5c68f90c415a2a464cb19c21 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x489596 | 329128 bytes |
| font_30_sfnt_off004ab3e6.bin | fcb61f6e21eea6a6856adce02a4a888d91d85d4a7cb1fc99ff6a2c95275bb21f | pdf-font-stream | PDF embedded font (sfnt) at offset 0x4AB3E6 | 334164 bytes |
| font_31_sfnt_off0051e190.bin | 34a03e9208d84625769d9faf27e92ad09f5d9208c03606b52794882732f579bb | pdf-font-stream | PDF embedded font (sfnt) at offset 0x51E190 | 331948 bytes |