Verdict: MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9991
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION). ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI (info, PDF_URI). PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL). The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL). One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://kuzutuzo.ru/wix?keyword=principles+of+business+and+finance+class (PDF link annotation)
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000edaa.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xEDAA | 5092 bytes | 1c913623cc049c70ba09325aed9ee1a820e8e4d13ee2558159f0b1be001be3f7 |
| font_01_sfnt_off0000fee5.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFEE5 | 9832 bytes | 165f9864aacdcbc5ab2a16fa921396eaa1b234f3cac750f3c30bf5058f596378 |
| font_02_sfnt_off00012068.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x12068 | 4324 bytes | 1158d95dac44631f497756703988ba3645251422e7ff0015d3fca430225e7c3e |