Verdict: MALICIOUS
Risk Score: 136
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1203 Exploitation for Client Execution
T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. It uses a fake browser/software-install lure. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier: malicious score 0.9990
Heuristics (5)
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware with signature Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0.
- Browser extension / update installation lure (high, SE_BROWSER_INSTALL_LURE): the document tells the user to install a browser extension, plugin, viewer, or browser update to view content, a common social-engineering path for credential theft and malware installation.
- External URI (info, PDF_URI): the PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): the same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): one or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted URLs:
- https://botokaw.ru/123?utm_term=pirates+of+silicon+valley+1080p (PDF link annotation)
Extracted artifacts (3)
Files carved from inside the sample during analysis.

| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000f795.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF795 | 5560 bytes | 298afd52b09794134c9f1a7d3c34bfb74147b153601eb2b1267409f5de0fa5b8 |
| font_01_sfnt_off00010aa5.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10AA5 | 12344 bytes | 7a78677a3ec72d09425dd57f9c5d7b7ffebba6203ad6e5efd40b704b873991ef |
| font_02_sfnt_off00013310.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x13310 | 16304 bytes | 3552f371fba07a3f0d089d7fb2cc2b0c7477eb9bec3c75657d980a5cf22a357f |