MALICIOUS (Risk Score: 96)
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9997
Heuristics (4)
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
- https://seumenha.ru/strik?utm_term=romeo+and+juliet+1996+cast+ages (PDF link annotation)
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000edbe.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xEDBE | 5608 bytes | 6ae56fb0de30fd728d3c3e39c2c9ed2f11427cf156b9c862ef224b95125e04c3 |
| font_01_sfnt_off000100cd.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x100CD | 11440 bytes | a910fa0a9fb6fec1952627935582a489eca9628893a2be2a1391776d698ef8d7 |