MALICIOUS
96
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9996
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://lozipotod.ru/strik?utm_term=tafsir+as+sa%2527di+juz+30+pdf PDF link annotation
- https://cdn.sqhk.co/suxavawudomo/ihmQg00/xamupofidelerojizikuj.pdfIn PDF document text
- https://cdn.sqhk.co/tirewaku/xdPOjj2/94302726805.pdfIn PDF document text
- https://cdn.sqhk.co/feketukadoz/jiRjaWM/orionid_meteor_shower_2020_texas.pdfIn PDF document text
- http://www.ascendercorp.com/In PDF document text
- http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
- https://uploads.strikinglycdn.com/files/a1f5664b-3094-4a9f-b07e-ab9c2d3caf44/banux.pdfIn PDF document text
- https://s3.amazonaws.com/vogubivajavofu/ankhon_dekhi_ming.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/2680d4ff-b0b6-438c-9ad1-1e31b202c46a/who_is_lestat_in_interview_with_a_vampire.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/c0446220-67d0-4c8a-a665-998c85fa4c41/71833708953.pdfIn PDF document text
- https://s3.amazonaws.com/fevobelijogal/mixebirirusud.pdfIn PDF document text
- https://s3.amazonaws.com/tezofuretejom/revolution_2020_chetan_bhagat.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/d6166fe9-de1b-4a7d-82f4-3adc181f9598/63705091094.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/bc44fc70-16c3-4da2-bb67-91d26d755c7b/nofiz.pdfIn PDF document text
- https://s3.amazonaws.com/juliziwojatige/65402740364.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/95332f04-a5e4-4ece-ba35-ff97873e600c/lash_extensions_training_near_me.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/f5f67e95-896b-45a5-a25d-ec9d25468670/suwofarusu.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/3968e40b-34e0-451f-9ff8-e17c5be2fbec/nizezatofisaj.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/6cebb11e-1617-41dc-b972-cc8b01a95a9e/grey_sheet_overeaters_anonymous_food_plan_blue_sheet.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/c45b7a0d-3a15-41d9-aec3-5aa0d1bcf542/crazy_catholic_saint_names.pdfIn PDF document text
- https://s3.amazonaws.com/lixuzo/32984879086.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/84fce64c-d159-4163-893e-f04b4166f24e/71794167439.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/27c2719e-5515-4e97-859e-b45d6d1bb570/bergey_manual_of_determinative_bacteriology_edisi_9.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/bb77a5e5-c479-4bcf-8db2-93888605a404/my_cloud_home_desktop_app_download.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/3edd5662-b9f1-4aec-94ab-0daf69accac1/sewujenonijuradugikas.pdfIn PDF document text
- http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
- http://purl.org/dc/elements/1.1/In PDF document text
- http://ns.adobe.com/pdf/1.3/In PDF document text
- http://ns.adobe.com/xap/1.0/In PDF document text
- http://ns.adobe.com/xap/1.0/mm/In PDF document text
- http://ns.adobe.com/xap/1.0/rights/In PDF document text
- http://scripts.sil.org/OFLIn PDF document text
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000d080.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xD080 | 5416 bytes |
SHA-256: 8da3c4f1cadf87335152fb73c0d36db152ec0de919284cd73be1a8ea6cb5b287 |
|||
font_01_sfnt_off0000e310.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xE310 | 10544 bytes |
SHA-256: ad31b2ac651bdbf0215b941010cc78ef5548058d7c4035b3be974109599d12d1 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.