MALICIOUS
96
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file was detected as malicious by ML classifiers and ClamAV, indicating a phishing attempt. It contains an embedded URL that directs users to a suspicious domain, likely to host further malicious content or phishing pages. No scripts were extracted, but the presence of an external URI and the overall detection profile suggest a phishing lure.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://trafffi.ru/123?utm_term=bdo+trading+guide+2017 PDF link annotation
- https://cdn-cms.f-static.net/uploads/4370090/normal_5f8f9f87d4d56.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4413867/normal_5f9d263ee7c85.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4493589/normal_5fda64e91e7c5.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4376362/normal_5f8bfb6d205fc.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4379371/normal_5fb5f6fd69c4f.pdfIn PDF document text
- http://www.ascendercorp.com/In PDF document text
- http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
- https://uploads.strikinglycdn.com/files/3ed64e5d-d1c1-4411-8d1f-b8e4bb20db22/70217003605.pdfIn PDF document text
- https://static1.squarespace.com/static/5fe18f38436906770ae736df/t/5fe234dd7b20a60e9fef61f8/1608660190339/spreadsheet_full_details.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/bcdb3232-2a7f-4793-8873-eafbff4d85d2/61622280201.pdfIn PDF document text
- https://static1.squarespace.com/static/5fc17674e9fc3622d5261a8e/t/5fc879f3bbb7f45a928bd433/1606973945960/70195867042.pdfIn PDF document text
- https://static1.squarespace.com/static/5fbce344be7cfc36344e8aaf/t/5fbcf05900f7af3919d23d7b/1606217818635/wexogowewixizovagobi.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/f4dd1fee-6b94-43e9-9049-ba48823161e8/31502101080.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/2776000d-d383-47e5-b8bb-afe865e47350/zikirinejegabomemiro.pdfIn PDF document text
- http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
- http://purl.org/dc/elements/1.1/In PDF document text
- http://ns.adobe.com/pdf/1.3/In PDF document text
- http://ns.adobe.com/xap/1.0/In PDF document text
- http://ns.adobe.com/xap/1.0/mm/In PDF document text
- http://ns.adobe.com/xap/1.0/rights/In PDF document text
- http://scripts.sil.org/OFLIn PDF document text
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000c87e.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xC87E | 5240 bytes |
SHA-256: 57ae50f7439e24b3a298e6bada652f6c9c878637a8ad4d05b6110fa49fbd8701 |
|||
font_01_sfnt_off0000da6c.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xDA6C | 10204 bytes |
SHA-256: 5fabe495ee8e93ed3654379ed44c396a25254a48a5ec540bcb605bd4d9651702 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.