Verdict: MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9992
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - URL https://ponafet.ru/strik?utm_term=vodafone+unitymedia+k%25C3%25BCndigung+vorlage+pdf (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000f225.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF225 | 5496 bytes | fa97c42e643bd12707a1d77739f8feb57564a38fa407219f333a73d355999db8 |
| font_01_sfnt_off000104ab.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x104AB | 12152 bytes | 66938720ce20f8d17d4fb2e7a553ec70e3b3c9c3f67ca354234d1fdb136a3d94 |