MALICIOUS
96
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The file is a PDF document that contains a malicious URL embedded in its metadata and body. The ML classifier and ClamAV detection strongly indicate malicious intent, likely for phishing or malware distribution. The embedded URL points to a suspicious domain, suggesting it's the primary lure.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://trafftec.ru/strik?utm_term=skydive+houston+waller+tx+77484 PDF link annotation
- https://cdn-cms.f-static.net/uploads/4383444/normal_5f9fbf932dcff.pdfIn PDF document text
- https://cdn.sqhk.co/sozaxejiv/WPG3eoI/12477977263.pdfIn PDF document text
- https://cdn.sqhk.co/xidujefonari/1hcFXia/phoenix_arizona_craigslist_pets.pdfIn PDF document text
- https://cdn.sqhk.co/susotizakaxe/6ijjjha/battleship_model_battleship.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4380530/normal_5fe759a0425b2.pdfIn PDF document text
- https://static.s123-cdn-static.com/uploads/4425227/normal_5fcb57cd70269.pdfIn PDF document text
- https://static.s123-cdn-static.com/uploads/4373779/normal_5fcd6804b80ed.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4451377/normal_5fe92f1f1fd78.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4389353/normal_5f92d18f3d0b6.pdfIn PDF document text
- http://www.ascendercorp.com/In PDF document text
- http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
- https://s3.amazonaws.com/vudivuzakal/google_chat_format_text.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/45a0b176-699c-40cb-80d4-f66df36da423/tangled_the_series_season_4.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/293f5f60-6a0e-4ecf-9f5d-d08da7270931/iata_book.pdfIn PDF document text
- http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
- http://purl.org/dc/elements/1.1/In PDF document text
- http://ns.adobe.com/pdf/1.3/In PDF document text
- http://ns.adobe.com/xap/1.0/In PDF document text
- http://ns.adobe.com/xap/1.0/mm/In PDF document text
- http://ns.adobe.com/xap/1.0/rights/In PDF document text
- http://scripts.sil.org/OFLIn PDF document text
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000c780.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xC780 | 5764 bytes |
SHA-256: 6839f384ca15faf86a8aa8401b205d184720deeebb2ddd5d573c08da9fdf0b02 |
|||
font_01_sfnt_off0000db44.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xDB44 | 10380 bytes |
SHA-256: 94cb6ad9d56a4dc036de09d84747d59f13c13f9fc9074706a58fc2c506505914 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.