MALICIOUS (Risk Score: 96)
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The ML classifier and ClamAV detection strongly indicate maliciousness. The PDF contains embedded URLs, one of which is http://feedproxy.google.com/~r/wb/ENAH/~3/WboozbXZlIE/wb?keyword=what%20are%20two%20examples%20of%20sensory%20details, suggesting a phishing or redirection attempt. The document body is heavily obfuscated, but the presence of embedded URLs and the high confidence detections point to a malicious PDF designed to exploit users.
Machine Learning
- Nyx PDF Classifier malicious score 0.9958
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000f1df.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF1DF | 5556 bytes | 90986e1785b70b0f955861294e140e8d1a9595d92cee1a0e5e8d5000e3695e0f |
| font_01_sfnt_off000104bb.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x104BB | 10752 bytes | d87ba2ef5cd1a0880b589c1e211cb07befbb09c2916b31b7c6e9840186a76dca |