MALICIOUS
96
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file was detected as malicious by ML classifiers and ClamAV, specifically flagged as a phishing trojan. It contains an embedded URL pointing to a suspicious domain, likely intended to deliver a malicious payload or phish for credentials. The document body, though heavily obfuscated, contains text that appears to be a social engineering lure.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://trafffe.ru/strik?utm_term=winky+face+text+from+a+girl
- https://cdn-cms.f-static.net/uploads/4370059/normal_5f9094e56fec3.pdf
- https://cdn-cms.f-static.net/uploads/4369765/normal_5fb388058e0b9.pdf
- https://cdn-cms.f-static.net/uploads/4369914/normal_5fa2e8f030dfe.pdf
- https://cdn-cms.f-static.net/uploads/4367648/normal_5fbebff5e0de5.pdf
- https://cdn-cms.f-static.net/uploads/4368788/normal_5fd7d909dfe70.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://static1.squarespace.com/static/5fc681d1104edf1d77a7ddee/t/5fcbeb76190ee82df8eab9db/1607199607729/96555832288.pdf
- https://static1.squarespace.com/static/5fc0e464ab79f442f229936f/t/5fc228f12dd96f5918377224/1606559986303/search_and_rescue_merit_badge_workbook_answers.pdf
- https://static1.squarespace.com/static/5fbce344be7cfc36344e8aaf/t/5fbd1b6e4397200107e34052/1606228846905/plants_of_the_gods.pdf
- https://static1.squarespace.com/static/5fbce344be7cfc36344e8aaf/t/5fbf4b379d79364840844717/1606372152045/mejasu.pdf
- https://static1.squarespace.com/static/5fc7a56e43c5ee75bf2d73ce/t/5fca4388d7c3040d873d2553/1607091082486/xikazevozisa.pdf
- https://static1.squarespace.com/static/5fbce344be7cfc36344e8aaf/t/5fbcee3568bfc51861665780/1606217270080/samsung_60_inch_smart_tv_walmart.pdf
- https://static1.squarespace.com/static/5fc3486312facd59cebc5192/t/5fd61dc672b1137fa96da630/1607867846819/sepsis_diagnosis_guidelines_2017.pdf
- https://uploads.strikinglycdn.com/files/fa4301ef-1eca-4479-a06a-e507c3ed1f01/13998249215.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000d085.bin21653525a3f228e505eca9b9383294a5673265bdd81761937661c224aad3aaa8 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xD085 | 5272 bytes |
font_01_sfnt_off0000e27e.bin1ccf8045c7af1f4c48f2f8dd03aa22bce3546c73e07be6c845c6409d41774a54 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xE27E | 11084 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.