MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9994
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://leonvi.ru/123?utm_term=chat+for+pc+free (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000fcc1.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFCC1 | 4796 bytes | 9d896a6e3a724d8fc48f18456eeb6df79d6cf094f90a44e16502ff46fbc3c77d |
| font_01_sfnt_off00010d0f.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10D0F | 10572 bytes | fcc8f781bbb36664092d99285bd00299266158fecffcc0a9ee9497fac8ea1631 |