MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
- https://jacksth.ru/123?utm_term=facebook+video+from+mobile+app (PDF link annotation)
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off00016fba.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x16FBA | 4944 bytes | 6ca49d432e71036f128795ca3fb110f56a8f776e009f0386d7ec63313fd419c6 |
| font_01_sfnt_off00018081.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x18081 | 12044 bytes | 2dabfcb0b81adcf4aed352bfcde94ea78c48607d47a67b42abe8c727ed60e7a3 |
| font_02_sfnt_off0001a95a.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1A95A | 4324 bytes | 1158d95dac44631f497756703988ba3645251422e7ff0015d3fca430225e7c3e |