MALICIOUS
96
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://traffnew.ru/strik?utm_term=elder+scrolls+online+h%25C3%25BCter PDF link annotation
- https://cdn-cms.f-static.net/uploads/4365540/normal_5f875b9fc3c24.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4393639/normal_5f94d25a15ba5.pdfIn PDF document text
- http://www.ascendercorp.com/In PDF document text
- http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
- https://uploads.strikinglycdn.com/files/16b2b013-183b-43a7-835d-482bcd7fe763/wasekuto.pdfIn PDF document text
- https://s3.amazonaws.com/wivunonovef/artemisia_annua.pdfIn PDF document text
- https://s3.amazonaws.com/fezenur/datasagerefipawefubud.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/6c5529a2-4f36-4d8b-8c73-a9b6d2071acc/mupupuvinupe.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/c169bd00-1890-4e81-8347-46dba94359cc/darexibutapesawasup.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/932359eb-360f-4657-8f23-3e3fa3c11695/21223322392.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/cec34538-e008-41c8-97eb-c9972b604352/fulugodabaletemuwomodi.pdfIn PDF document text
- https://s3.amazonaws.com/zetare/women_s_boots_2019.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/bb24da61-9054-48f1-b158-c01afc5d2a01/57585753430.pdfIn PDF document text
- http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
- http://purl.org/dc/elements/1.1/In PDF document text
- http://ns.adobe.com/pdf/1.3/In PDF document text
- http://ns.adobe.com/xap/1.0/In PDF document text
- http://ns.adobe.com/xap/1.0/mm/In PDF document text
- http://ns.adobe.com/xap/1.0/rights/In PDF document text
- http://scripts.sil.org/OFLIn PDF document text
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000eaea.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xEAEA | 4892 bytes |
SHA-256: b5096b8f6c92c9d6380e54d22a9f674f0be68af3b1bdf05f7d06038d8a15ed61 |
|||
font_01_sfnt_off0000fb54.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xFB54 | 11324 bytes |
SHA-256: 34365a248ebf8633f08fa035168b855e5edeeb739e8e7c1709c0ba662031d8d0 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.