MALICIOUS
96
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF document contains an embedded URL that directs users to a suspicious domain, likely for phishing or malware distribution. The ML classifier and ClamAV detection strongly indicate malicious intent, classifying it as a phishing trojan. The document body, though heavily obfuscated, appears to be a lure related to an 'answer key'.
Machine Learning
- Nyx PDF Classifier malicious score 0.9996
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://traffset.ru/aws?utm_term=improving+vocabulary+skills+answer+key+chapter+4
- https://cdn-cms.f-static.net/uploads/4443588/normal_5fade1ad9149a.pdf
- https://cdn-cms.f-static.net/uploads/4402956/normal_5fa83df23a794.pdf
- https://cdn-cms.f-static.net/uploads/4369914/normal_5f8c212a3d113.pdf
- https://cdn-cms.f-static.net/uploads/4388608/normal_5fb98e8611ae8.pdf
- https://cdn-cms.f-static.net/uploads/4406213/normal_5f9a73e771f37.pdf
- https://cdn-cms.f-static.net/uploads/4449419/normal_5fb98f6f1e0a7.pdf
- https://cdn-cms.f-static.net/uploads/4388824/normal_5fb3b6a6d9134.pdf
- https://cdn-cms.f-static.net/uploads/4371543/normal_5f9d8f2c47336.pdf
- https://cdn-cms.f-static.net/uploads/4386361/normal_5f8e01dd729cf.pdf
- https://cdn-cms.f-static.net/uploads/4419211/normal_5f9ff029cd88e.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://uploads.strikinglycdn.com/files/d8b5f18a-abd6-4e21-96f4-4dfe088e03cf/head_soccer_championship_2019.pdf
- https://uploads.strikinglycdn.com/files/0944b53d-7e2c-4c1e-9af1-51dc53708278/spirit_world_dimension_minecraft.pdf
- https://uploads.strikinglycdn.com/files/a4f724e7-2332-4cab-9dcc-4d7a0cb25fa8/pavewotosevoso.pdf
- https://uploads.strikinglycdn.com/files/86bb00ad-1101-4255-b918-c61b2a693983/99606023599.pdf
- https://uploads.strikinglycdn.com/files/c4e27350-2c85-495e-b032-30e2c7aeefce/5102344457.pdf
- https://uploads.strikinglycdn.com/files/03d9a2f8-6506-48f0-b6e3-5c15794212af/espacio_muestral_de_dos_dados.pdf
- https://uploads.strikinglycdn.com/files/244dfb64-d4f4-456b-a7dd-ae44d227ad82/69250994189.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000afac.bin84ac18a3671ee6516c9475779428ebfc8e94657642e7443f5ec1eb0086755190 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xAFAC | 5828 bytes |
font_01_sfnt_off0000c37e.bin331ebe6cb510c953bd0269b96c88ae1dd1db726a76c4e9e30e9b707a6e35b9b9 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xC37E | 9360 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.