MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9964
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 [critical, CLAMAV_DETECTION]: ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI [info, PDF_URI]: PDF contains an external URL action.
- Object number defined twice with different bodies [info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL]: The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL [info, EMBEDDED_URL]: One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - https://druttle.ru/award?keyword=tecnica+paracentesis+abdominal+pdf (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000f12e.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF12E | 5392 bytes | 555d53780fd7358eb155e16a13eaebc7ffed47a16148a4ab77506bdeaa121ccc |
| font_01_sfnt_off00010364.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10364 | 12252 bytes | 5faaf4c4a2dbb9fce173d5685ceb347dd6ad96fa58b6f473e57129e27555f9f2 |