MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9945
Heuristics (4)
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - https://bologen.ru/strik?utm_term=razonamiento+logico+matematico+exani+ii (PDF link annotation)
Extracted artifacts (3)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off00010ac5.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10AC5 | 4968 bytes | c7b6e745377473e941f2aca5d429e8f9bae6905401e645d042d4d5ab8e9a887d |
| font_01_sfnt_off00011b74.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x11B74 | 24692 bytes | 8aaa3a1f4431837a32b471a8adad3d88a2d31e433fef7fe31a4da3f1bb767d66 |
| font_02_sfnt_off000158dd.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x158DD | 10780 bytes | f0434c1bb6658f5a90ba576663448232f371d76ea646333896c41177819c25c5 |