MALICIOUS
96
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9993
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://xajibur.ru/strik?utm_term=sheng+bang+hd+1688+clock+manual PDF link annotation
- https://static.s123-cdn-static.com/uploads/4383698/normal_5fec9c7af33bd.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4505699/normal_600eb037b5095.pdfIn PDF document text
- https://static.s123-cdn-static.com/uploads/4494877/normal_5ff0b43fbc556.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4476015/normal_6043ede1f1f1d.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4491433/normal_5fdb36795c7de.pdfIn PDF document text
- https://static.s123-cdn-static.com/uploads/4455914/normal_6003f8286600f.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4501482/normal_604d17903f986.pdfIn PDF document text
- http://www.ascendercorp.com/In PDF document text
- http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
- https://s3.amazonaws.com/kufazete/rosinaxeraleto.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/ac7136ba-fbe1-4a0c-b0bc-1d3f8a9c1d84/high_protein_vegetarian_foods_in_india_hindi.pdfIn PDF document text
- https://s3.amazonaws.com/pivetuzadujo/dokazatewob.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/5e4096d7-89bd-4b20-b70f-68d95a5ae5cf/fipimobo.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/b2a3bc10-d07b-42b7-b441-73d1c0eb2e23/53015976231.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/5106c6a3-40e8-4ceb-b290-5c5d3129dfac/the_happiness_equation_neil_pasricha.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/e84b0bf2-1a0f-4afc-b86d-829b3d6442ad/jemebogigevigalorifisinek.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/3f28adc9-4991-411c-be88-921c0d4b774a/10862267316.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/8ebda2c9-2863-44a2-927c-708116bb20ee/miller_syncrowave_250_dx_high_frequency_not_working.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/9ca0d239-f610-499d-9aec-a3c060d1efe9/hotpoint_ultima_dual_fuel_cooker_manual.pdfIn PDF document text
- https://s3.amazonaws.com/tokatefozude/kenmore_800_washer_repair_manual.pdfIn PDF document text
- https://s3.amazonaws.com/jeduzizonox/what_does_the_bible_say_about_christmas_trees.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/89ad881a-c570-4c0f-9f8b-e4386abf54cf/86090818315.pdfIn PDF document text
- https://s3.amazonaws.com/petuzutemixuvod/birthday_invitation_format_for_girl.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/76e6993b-98b2-4508-a07c-958fa2c49a73/formato_para_avaluo_de_casa_habitacion.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/4003192b-9ed0-4226-a9b2-a4ebd7d50d30/35362235459.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/0fc92c8b-0dac-4f60-988c-621e5aed2b57/rapidex_english_speaking_book_free_download.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/90616711-e42f-44d8-91ef-3ed034f4300e/45719599368.pdfIn PDF document text
- http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
- http://purl.org/dc/elements/1.1/In PDF document text
- http://ns.adobe.com/pdf/1.3/In PDF document text
- http://ns.adobe.com/xap/1.0/In PDF document text
- http://ns.adobe.com/xap/1.0/mm/In PDF document text
- http://ns.adobe.com/xap/1.0/rights/In PDF document text
- http://scripts.sil.org/OFLIn PDF document text
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00015a71.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x15A71 | 5788 bytes |
SHA-256: e7c83d19acdd3ca6d914fd904cc1cad31501a8e60b09bd92d2e7a02c29e5418d |
|||
font_01_sfnt_off00016e03.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x16E03 | 12024 bytes |
SHA-256: 345272571db2cc7efcfad549141edc1b75b7d3e29ad222f7a22d2df5afebed80 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.