MALICIOUS
96
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9996
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://midufefew.ru/strik?utm_term=contractions+worksheet+first+grade PDF link annotation
- https://cdn-cms.f-static.net/uploads/4374189/normal_604639d142054.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4487905/normal_603361565d44f.pdfIn PDF document text
- https://static.s123-cdn-static.com/uploads/4480595/normal_5fe10eab40dcf.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4405654/normal_606bef791b982.pdfIn PDF document text
- http://www.ascendercorp.com/In PDF document text
- http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
- https://uploads.strikinglycdn.com/files/ab85c38f-85f2-4055-92e4-ec92c7e52132/xuvubisuruwonoboz.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/148e881b-1122-4f17-ac9a-91e6051bc30f/33382848809.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/beacf8ea-9722-48a2-a068-9c7954d18d56/machine_learning_vs_deep_learning_vs_data_mining.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/6a53229f-fd0e-467c-8871-73c6c6014c84/kesukekefizulisukixuwi.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/8e6df1ce-95e7-4ae3-afca-d3aa7d54da63/fisher_price_swing_broken_motor.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/e3dcba29-31fb-4fc3-a6cf-a043f591bfd0/proform_725ex_treadmill_belt_replacement.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/b0c6beb3-8f16-418e-b40a-1cbeef9d8161/marx_capital_chapter_27_summary.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/c2feddd2-a1ab-4b99-9e7d-56635e0cf7b4/wejenefivajajapi.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/94d619c6-70c1-4d4c-b737-e0859ad0c732/what_is_critical_thinking_in_english.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/9246079a-3899-4a3f-a06c-355447b03db1/facebook_auto_liker_download_iphone.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/d072da70-3d89-4e9c-b3db-ba423428484a/public_relations_contract_jobs.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/8c8684cf-0a19-407a-896a-6fdba0abe12f/husqvarna_viking_emerald_116_eller_118.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/2be55af5-89c1-4028-8686-e4092376134e/54629633073.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/0a5246f8-771e-4466-af74-ed2be3a739f0/kazigedasopemizowevo.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/daa6c52c-a432-4499-9ed9-4d8c8ee11828/computer_basic_course_in_hindi_download.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/596c40b8-dee9-4c53-a167-b7171b52425b/how_to_load_topo_maps_on_garmin_etrex_30.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/dfc548f1-76ab-4250-9290-8338d66e2776/10140251421.pdfIn PDF document text
- http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
- http://purl.org/dc/elements/1.1/In PDF document text
- http://ns.adobe.com/pdf/1.3/In PDF document text
- http://ns.adobe.com/xap/1.0/In PDF document text
- http://ns.adobe.com/xap/1.0/mm/In PDF document text
- http://ns.adobe.com/xap/1.0/rights/In PDF document text
- http://scripts.sil.org/OFLIn PDF document text
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000d909.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xD909 | 5312 bytes |
SHA-256: 1fc62346e6add33b45048df941b4e775d2eca567534b3cc8a7a36413c03da93a |
|||
font_01_sfnt_off0000eb25.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xEB25 | 10536 bytes |
SHA-256: 7ed2796b1eb5822f6f96d11d31a4d80a67ec0c71e6240a07e3db984d196bf8c6 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.