MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9990
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://mezovuduw.ru/wix?keyword=the+moustache+by+robert+cormier+summary (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000edde.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xEDDE | 5200 bytes | 5f9540e1fbe4592cb1d7e700ae9c85f6fc0e23f74b34ef8f4316b5dc0beef80f |
| font_01_sfnt_off0000ff65.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFF65 | 10400 bytes | 62bdb3236869d547e0d6c40cab28cd1548f6f721a43fbef16478247027dcbcef |