MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file contains an embedded URL that redirects to a suspicious domain, disguised as nutrition facts for Dunkin Donuts. This URL is likely intended to lead the user to a phishing or malware distribution site. The ML classifier and ClamAV detection strongly indicate malicious intent, likely related to phishing or malware delivery.
Machine Learning
- Nyx PDF Classifier malicious score 0.9993
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
- URL https://druttle.ru/strik?utm_term=dunkin+donuts+mocha+flavor+swirl+nutrition+facts (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0001069b.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1069B | 5476 bytes | e6649412390eb524337b2c9d06010fd854c0780ae8146d591d0aa5d72afc7561 |
| font_01_sfnt_off00011931.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x11931 | 11392 bytes | 6f1959fa60b0bf3f471e8c0889df77cf8508fb6f87cecb9df94a9e1911400a0b |