MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9997
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (severity: critical, rule: CLAMAV_DETECTION). ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (severity: info, rule: PDF_URI). PDF contains an external URL action.
- Object number defined twice with different bodies (severity: info, rule: PDF_DUPLICATE_OBJ_BODY_INCREMENTAL). The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (severity: info, rule: EMBEDDED_URL). One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://fokemale.ru/wix?keyword=blackweb+bluetooth+party+speaker (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0001055e.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1055E | 5468 bytes | fd99428000f7b76989a31a24f443c3ffd0ab937c8b0eefe960d5d72a1617e38d |
| font_01_sfnt_off0001180c.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1180C | 12336 bytes | a2f780e19291c6aa71c6f3e04fa6d321d00cc993de61c7285166083d2e44597f |