MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9991
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 [critical, CLAMAV_DETECTION]: ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI [info, PDF_URI]: PDF contains an external URL action.
- Object number defined twice with different bodies [info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL]: The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL [info, EMBEDDED_URL]: One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
- https://leonvi.ru/strik?utm_term=vermeer%2527s+hat+chapter+2+summary (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off000103fe.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x103FE | 5376 bytes | 650bbe9fbe9cdcd449a158e295a7b86066d904e6665fdb2b20b6d14275fa2982 |
| font_01_sfnt_off0001162d.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1162D | 10940 bytes | be7c02d5efa045f7e28efb14871b012a2bb794514d744f3f73c3bee043472628 |