MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9993
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://crophysi.ru/strik?utm_term=best+way+to+read+the+bible+in+order (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000f902.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF902 | 5296 bytes | 28d8b9befd5f9b7bce48653e4f7dc63ffafd866710b842bfd8d9372dae505e8c |
| font_01_sfnt_off00010b16.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10B16 | 10880 bytes | c2236158c1e81ac88eb3ecd3cdc795ace90b74793c0194158a2ab1508ca4c2e8 |