SUSPICIOUS
30
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF is identified as an image-only lure, typical of phishing attacks where a user is tricked into clicking a link. The embedded URI points to an external website, suggesting an attempt to redirect the user to a malicious or credential-harvesting page. The document's structure and the presence of a clickable action strongly indicate a phishing attempt.
Machine Learning
- Nyx PDF Classifier clean score 0.0004
Heuristics 3
-
Image-only document with action trigger (screenshot lure) medium PDF_IMAGE_LUREPDF has 2 image(s), only 2 text block(s), carries a click-outward action, and is only 84 KB — typical shape of a phishing lure where a full-page screenshot hides a clickable button that launches or submits to an attacker URL.
-
External URI low PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://www.ascendercorp.com/http://www.ascendercorp.com/typedesigners.htmlLicensed PDF link annotation
- http://scripts.sil.org/OFLPDF link annotation
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0001035c.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x1035C | 21512 bytes |
SHA-256: 2adc5c67dc05fde8b4cb48515f4296074c6dac75e0c256c5fc232aa7a8249f19 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.