CLEAN
Risk Score: 6
Malware Insights
MITRE ATT&CK
- T1059.001 PowerShell
- T1204.002 Malicious File
- T1566.002 Spearphishing Attachment
The PDF file contains embedded JavaScript and is related to CVE-2023-26369, indicating an attempt to exploit a known vulnerability. The presence of embedded JavaScript suggests the execution of malicious code, likely to download or execute a secondary payload. The external URI points to a potentially compromised or malicious domain.
Machine Learning
- Nyx PDF Classifier clean score 0.0012
Heuristics 3
- TrueType bitmap font + active content — CVE-2023-26369 related (info, PDF_CVE_2023_26369_RELATED): PDF embeds a TrueType font with bitmap tables (EBDT/sbix/CBDT) alongside exploit delivery indicators — CVE-2023-26369 exploits the sfac_GetSbitBitmap function in Adobe's libCoolType for arbitrary code execution. This CVE was actively exploited in the wild, but this rule does not validate the malformed EBLC/EBDT primitive.
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - http://eyayinlar.mkutup.gov.tr/cgi-bin/WebObjects/EHT (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| stream_123_off000ce62b.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0xCE62B | 230212 bytes | 2ef271f508e3e2b0725009890a99911ae2d0cc69f9deb4f571ee297316b98072 |
| stream_126_off00103952.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x103952 | 200124 bytes | 8001eead50a809ffd3bdf8a1a01eda7a96505f0b7420578a551317404be1ee5b |