MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9993
Heuristics (4)
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 [critical, CLAMAV_DETECTION]: ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI [info, PDF_URI]: PDF contains an external URL action
- Object number defined twice with different bodies [info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL]: The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL [info, EMBEDDED_URL]: One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted URLs:
- https://seumenha.ru/strik?utm_term=standard+of+excellence+book+2+trumpet+pdf (PDF link annotation)
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000eea6.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xEEA6 | 5632 bytes | 7c6023b17654a8372f86a4ad321fe1621d7f8446c74e8c11de726e14cd083b1e |
| font_01_sfnt_off000101bb.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x101BB | 11188 bytes | bea751869bf5bb8c33736bda96d90d765c494369a70c9ef6765ab52f996743ca |