MALICIOUS
96
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The file is a PDF document that contains an embedded URL pointing to a suspicious domain. Heuristics indicate the presence of an external URI and the ML classifier strongly flagged it as malicious. ClamAV also detected it as a phishing trojan. The document body and metadata contain references to the URL, suggesting it's a lure.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://traffine.ru/strik?utm_term=5e+horizon+walker+multiclass
- https://cdn-cms.f-static.net/uploads/4478716/normal_5fa75a9e86cb3.pdf
- https://cdn-cms.f-static.net/uploads/4411932/normal_5f9de7b1c82b5.pdf
- https://cdn-cms.f-static.net/uploads/4498366/normal_5faaf88569fbc.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- http://www.daltonmaag.com/
- https://s3.amazonaws.com/naxizugenabi/88153569274.pdf
- https://s3.amazonaws.com/putelekireza/jedexifov.pdf
- https://s3.amazonaws.com/zuxadol/administrao_direta_e_indireta_questoes.pdf
- https://uploads.strikinglycdn.com/files/45389986-cb98-4488-9e91-1c246b38c9e9/6823985538.pdf
- https://uploads.strikinglycdn.com/files/1d318d8d-e9ec-457d-8889-76d2743fa4c0/satibubogonukaxi.pdf
- https://uploads.strikinglycdn.com/files/b4aa24ff-5e4f-48da-acad-3decd22a91f2/calculate_with_confidence_6th_edition_free.pdf
- https://s3.amazonaws.com/fajixe/piano_key_scales.pdf
- https://s3.amazonaws.com/paxivogedewilu/portfolio_recovery_associates_stock_price.pdf
- https://uploads.strikinglycdn.com/files/c12bcd3c-1df7-4e39-adbb-7b7b8513ffd5/ditap.pdf
- https://uploads.strikinglycdn.com/files/92f65c77-fd1e-4f78-9497-b81a922be03f/watepalixikodi.pdf
- https://uploads.strikinglycdn.com/files/e4f1d2df-4bc1-48e7-a957-be097d584544/jumaxurekuwugegivafonut.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000d6c2.binb2e6596ef3b65ab7df8b1d83960678dc3d407b721efbecac9dea430d1a6e4cfc |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xD6C2 | 5156 bytes |
font_01_sfnt_off0000e833.bin88c554f8293ed5f923baa96d170a0722647fa353c180f032ca1ce7c6b407fb35 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xE833 | 10136 bytes |
font_02_sfnt_off00010b03.bin4fcfa7c68d76e23b667942a3ac892d2d5d88346478daafc61479ad4df4af3dd3 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x10B03 | 4324 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.