Verdict: MALICIOUS (Risk Score 66)

Malware Insights

MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The file is identified as malicious by ClamAV with a Pdf.Phishing.Trojan signature. It contains an embedded URI pointing to 'https://trafficel.ru/123?utm_term=trinco+dry+blast+manual', suggesting a phishing or malware distribution attempt. The document body, though heavily corrupted, contains references to 'Trinco dry blast manual' and 'wkhtmltopdf', indicating a lure to disguise the malicious intent. No scripts were extracted, but the presence of embedded URLs and the ClamAV signature strongly suggest malicious activity.
Machine Learning
- Nyx PDF Classifier: clean score 0.0181
Heuristics (4)
- ClamAV (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI (info, PDF_URI): PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL https://trafficel.ru/123?utm_term=trinco+dry+blast+manual (PDF link annotation).
Extracted artifacts (25)

Files carved from inside the sample during analysis.

| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| stream_002_off000590d6.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x590D6 | 3108 bytes | bcf10a5765e50f8b53fcee66f52f0eed8fe417fcdab9a5c73e4fb0a2d0279535 |
| stream_004_off0005a74f.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x5A74F | 109836 bytes | 901ecc7ed1766d662f73605be90345324c40ea0bc334ff2d6b658122d16a5e94 |
| stream_011_off00078816.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x78816 | 125112 bytes | dcc020fa7ac54a1b90e02c91c98db4c19b876904556b53a67b60e3e3c825e0c1 |
| stream_012_off0008fcf0.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x8FCF0 | 55252 bytes | 610fb56af9025ddddfec6c53f20249708bb474f1b72602d584d1c2586b584b78 |
| font_01_sfnt_off00059d66.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x59D66 | 2392 bytes | 41f9a6c63a3aa5f67958e4dc61f9186cffbc14f87df457a382c482d1397b05bd |
| font_03_sfnt_off0006babe.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6BABE | 5276 bytes | 58356797818b1ec90040694e9fd38187cb63215a74984c52006835bcd89bc556 |
| font_04_sfnt_off0006cc9d.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6CC9D | 2640 bytes | fb547d907f6aed54f9d8a3b5c096965e5ba8d70fca914e6be9070123cc698852 |
| font_05_sfnt_off0006d6b4.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6D6B4 | 2744 bytes | 46625c44b4932f807aed719dfac74ce2a49e201be404089a5d51f88d2993a1ba |
| font_06_sfnt_off0006e18a.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6E18A | 109756 bytes | b1a9461381a4f38d477c21480bdb222b905b71f9987d170406e7f2f537122fb1 |
| font_07_sfnt_off00075615.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x75615 | 14140 bytes | c294ea4cbff386ceeb4c28859555573235ded33b26ebd36a60c5d95bdda647a4 |
| font_08_sfnt_off00077cca.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x77CCA | 3672 bytes | 2dd786b0cb1bc9cad729ae4f1b8f6aec560a9133db9301bf67fbc9d5263858f8 |
| font_11_sfnt_off00097267.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x97267 | 21272 bytes | 41335f94920dc3e50a6b3c7ffa6f2de7e0908e4964519a92da7b2e418467ca1e |
| font_12_sfnt_off0009935b.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x9935B | 4076 bytes | ad3bf3ecfadd7a933d6fd0a77838e72ffa07d0c3621c05d46b913f5c197b6460 |
| font_13_sfnt_off0009a25b.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x9A25B | 8168 bytes | d2f4c08f558cef4d4b5be85538595049cf97d563e7ee66ed5125789d0b25f2d7 |
| font_14_sfnt_off0009b5c4.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x9B5C4 | 3076 bytes | eb25783bb9c68bd600060f7f05b30eadb74acac6bb7ca3e319d46c4ba75dc136 |
| font_15_sfnt_off0009c0a2.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x9C0A2 | 3852 bytes | cfd168916b6fad5c8314b0ae6c93b4e9a3a2b4007d014ca167f9700eddc9aeba |
| font_16_sfnt_off0009ccab.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x9CCAB | 4920 bytes | d973e186b2f304703e4d77996cfda3091539b5bfab53f2ee6f6dabdcbb438bcd |
| font_17_sfnt_off0009db1e.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x9DB1E | 3684 bytes | 69f9f564bf76d5f678eb3c11ffc3529c3131995009c6e986fe73370ca11991d2 |
| font_18_sfnt_off0009e6fd.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x9E6FD | 1596 bytes | b3b3b14b9c2ebdfc9b616003f1b1beefc2d3d0a56c0dbb5a2c88e1eba124116e |
| font_19_sfnt_off0009ef09.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x9EF09 | 2240 bytes | a0af108466ab6772530dab9047088ae787bb883c6a5ee20d01ff79cdcf80eb05 |
| font_20_sfnt_off0009f87a.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x9F87A | 13132 bytes | 5cec98caf7269779464e3a1860dd42d4100256e9bda57f230609548e57ccd640 |
| font_21_sfnt_off000a1936.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xA1936 | 3252 bytes | 48bc986823f7568a54a43de3c4c49f59853c4838b3a6ad4c7a69565b0fdccfd6 |
| font_22_sfnt_off000a2707.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xA2707 | 9664 bytes | 70556b91ca6b97e9fd008d76f572bdd608ab99e97423309ef56a1d518d775fb9 |
| font_23_sfnt_off000a3b0b.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xA3B0B | 9212 bytes | 663918c2eb5289ac374b3775b597afa97e2e18e7097bc1d9d8b1b301bd2e1693 |
| font_24_sfnt_off000a4e04.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xA4E04 | 9188 bytes | 75a0791440a8fe11cb82202f9231b1789f6755963c00f2fca0f712a548a3f273 |