MALICIOUS
104
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1204.002 Malicious Link
The file was detected as malicious by a machine learning classifier and ClamAV, indicating a high likelihood of malicious intent. The presence of an external URI pointing to 'trafftec.ru' and a heuristic firing for a 'download button' suggest the document is designed to trick the user into clicking a link to download a payload. The document body contains garbled text, but the authoring application and creation date are present.
Machine Learning
- Nyx PDF Classifier malicious score 0.9996
Heuristics 5
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://trafftec.ru/123?utm_term=acting+out+culture+4th+edition+pdf+free
- https://cdn-cms.f-static.net/uploads/4412382/normal_5f976023e17f7.pdf
- https://bubixoduxufito.weebly.com/uploads/1/3/1/0/131070588/2413134.pdf
- https://xojerajap.weebly.com/uploads/1/3/1/3/131384359/1441493.pdf
- https://cdn-cms.f-static.net/uploads/4461232/normal_5fa5c82e51d8c.pdf
- https://cdn-cms.f-static.net/uploads/4372980/normal_5f9b1c50aaf46.pdf
- https://cdn-cms.f-static.net/uploads/4418369/normal_5f9f8b25c9dd6.pdf
- https://cdn-cms.f-static.net/uploads/4418379/normal_5fb6f37e16b47.pdf
- https://rixemeja.weebly.com/uploads/1/3/4/7/134711448/2edd76.pdf
- https://didaladajede.weebly.com/uploads/1/3/4/5/134524443/6444528.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://s3.amazonaws.com/tesodagiwor/dizovixinofuwujav.pdf
- https://uploads.strikinglycdn.com/files/e93f4eb2-f111-4c9c-8a67-9124a3cabc3b/reebok_basketball_shoes_shaq.pdf
- https://s3.amazonaws.com/divexikav/sony_car_stereo_mex-n5200bt_manual.pdf
- https://uploads.strikinglycdn.com/files/e8ff6c8e-ae72-4535-9828-e02282c264c5/fumasalufutosire.pdf
- https://uploads.strikinglycdn.com/files/1a22c58e-0697-4b33-9987-a3bec339aa08/wetezonekanipebizak.pdf
- https://uploads.strikinglycdn.com/files/a5956957-bd32-46e3-a6eb-726dd05ae342/45045618662.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000ade5.binf459833b650c08c1da9e243c034379a98917967da26bad3290a5cccbce8adee0 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xADE5 | 5104 bytes |
font_01_sfnt_off0000bf48.bin60272a22827422a71443b7c192724bba948ef387f4f1d5ac3c00b315a021e907 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xBF48 | 9660 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.