Verdict: MALICIOUS
Risk Score: 162
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file routes users through malicious redirector infrastructure and presents a deceptive download button. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9993
Heuristics (5)
- ClamAV detection (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- PDF links to known malicious redirector infrastructure (critical, PDF_MALICIOUS_REDIRECTOR_LINK): PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Visual download / call-to-action button lure (low, SE_DOWNLOAD_BUTTON): Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.); low-signal unless other findings point to a malicious workflow.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (object number N, generation G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000fc71.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFC71 | 5604 bytes | 1b4fe038b4bede88d236f654a49c7659f9703e5c425a2b381afd92e658767cc4 |
| font_01_sfnt_off00010f6e.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10F6E | 10732 bytes | d9848a06e5a7cac1b05d6fdce607e7e2962cd6e87f841f9ee8869ef111748883 |