Verdict: MALICIOUS
Risk Score: 96

Malware Insights

MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier: malicious score 0.9399
Heuristics (4)
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION). ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0.
- External URI (info, PDF_URI). PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL). The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL). One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://trafftec.ru/strik?utm_term=chess+pieces+meaning+in+malayalam (PDF link annotation).
Extracted artifacts (11)
Files carved from inside the sample during analysis.

| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| stream_007_off0001918c.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x1918C | 4752 bytes | 28e68eb246e10d653ac8a1d9501e89bf644b2de198f5d97c6d302c15cb8dad9c |
| stream_011_off00021b7c.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x21B7C | 32424 bytes | b2c234f4901ac29a2674b2f758881878b5d13c45a5f1016a84a5741bedaa6bb7 |
| font_00_sfnt_off00010fa0.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10FA0 | 11872 bytes | a39c22234600dd45b55766564294a364ba1dcd4524b6cddb587c4d2366a26fb6 |
| font_01_sfnt_off00013703.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x13703 | 5260 bytes | 0871ce60638b37e2dec76decc12bbe8b22ce43b71ecbc205a8289a9115f24713 |
| font_02_sfnt_off000148c3.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x148C3 | 7860 bytes | c8ff317a35ce706771bc92761f50427b847c0ccc73ace650ca42242eb6279fc1 |
| font_03_sfnt_off00016025.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x16025 | 7344 bytes | 7a33cf3e2ee276cfa93a4e33ac32da842f5befdc5eef9b7343f782b174da9c29 |
| font_04_sfnt_off00017855.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x17855 | 7016 bytes | cd44f50001077816aef8cee640a4cf6afe968a8969b20f2763a47cb83424f4a7 |
| font_06_sfnt_off0001a1ea.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1A1EA | 6192 bytes | 588d6d3c0a7377994220909257a3acffc5aca3ba0b2d4f6bbb0b8ca856ab40ed |
| font_07_sfnt_off0001b67d.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1B67D | 9012 bytes | 464d9616ff6045eb755b6b7fcdb3357c4edc0e6b8c3b4bea7925d19b66d43d6b |
| font_08_sfnt_off0001cfb6.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1CFB6 | 30440 bytes | 305d04df703943c39cc87b99c0b09e9b4f46f062ae019092ef6413dadd8f1c87 |
| font_10_sfnt_off00025e14.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x25E14 | 6292 bytes | 95edb55063e80eeecc7fe770eeef895456dc480f3043cde5f99bee702bd797f0 |