Verdict: MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9960
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://soxebez.ru/wix?keyword=twc+tv+apk (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000eba6.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xEBA6 | 4788 bytes | a5aab68192259386a0d969fc443d2278352e6a088f4e6fd604b7f42b80fabc1b |
| font_01_sfnt_off0000fc25.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFC25 | 10648 bytes | eee386ae4b224f61229eba184055b23d53ce6d4486ca97eba9c38ad42d51cc46 |