SUSPICIOUS
36
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF document was flagged as suspicious by an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://trafftec.ru/123?keyword=words+with+cad+meaning+fall PDF link annotation
- http://www.ascendercorp.com/In PDF document text
- http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
- https://uploads.strikinglycdn.com/files/f2249e41-87c0-491e-9686-4429df498d58/vabumutonelexemowijuxax.pdfIn PDF document text
- https://s3.amazonaws.com/wilugugo/henri_bergson_time_and_free_will.pdfIn PDF document text
- https://pumezidix.files.wordpress.com/2020/11/89043745784.pdfIn PDF document text
- https://zujuvigewif.files.wordpress.com/2020/11/sociedad_en_nombre_colectivo_mexico.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/8977b72b-c7a8-45f7-9bbc-885f95708015/13055366044.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/e64bc93d-9e6b-4f97-baf7-09fa9ad8d671/wumodoguva.pdfIn PDF document text
- https://zubonep.files.wordpress.com/2020/11/51759176416.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/5ff43fc2-d05a-42e0-a5c1-384ca3b0d80a/94573283554.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/09380066-28ec-49d3-b330-c435790417ca/facebook_lite_apk_free_download_for_pc.pdfIn PDF document text
- https://s3.amazonaws.com/zuses/18095950421.pdfIn PDF document text
- https://xajawut.files.wordpress.com/2020/11/savojabanawide.pdfIn PDF document text
- http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
- http://purl.org/dc/elements/1.1/In PDF document text
- http://ns.adobe.com/pdf/1.3/In PDF document text
- http://ns.adobe.com/xap/1.0/In PDF document text
- http://ns.adobe.com/xap/1.0/mm/In PDF document text
- http://ns.adobe.com/xap/1.0/rights/In PDF document text
- http://scripts.sil.org/OFLIn PDF document text
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00006fe7.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x6FE7 | 5540 bytes |
SHA-256: d7b44d8811d0e613375ce8fe58a28766ebf1f5ef7e6ba9543f293dd06a9b41e1 |
|||
font_01_sfnt_off000082ad.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x82AD | 10032 bytes |
SHA-256: 823c020315a7338b9a068dec17d4c9f52ee8c4894b4df86e8b811fbad2115a70 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.