MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9930
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL https://ponafet.ru/strik?utm_term=ak+47+assembly+manual (PDF link annotation)
Extracted artifacts 4
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off000223c1.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x223C1 | 4840 bytes | 67db7b6df00e9f9759eeb7d47fec5ac640139a58c751a10cf0a065c19c37ff51 |
| font_01_sfnt_off00023428.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x23428 | 19424 bytes | e4611188010ec73066c09e546bff95bb200a6414dabe788e6207e1fba3e5f265 |
| font_02_sfnt_off00026d01.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x26D01 | 16060 bytes | ae97ebdbf5cb6679ee3ae7f6f8963da9ec2437ada1f672a33085bc8cbe806833 |
| font_03_sfnt_off00028195.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x28195 | 4324 bytes | b50a2106bf82917db0cd3cf88f63c5e8cc3298b343ace5cffc591b35df33d24c |