MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9985
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - https://bologen.ru/strik?utm_term=mejores+libros+para+leer+gratis+online (PDF link annotation)
Extracted artifacts 4
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000e8b5.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE8B5 | 4996 bytes | 7f7c1b0c6c3b8bab2cb349d7328fff86ef78ec8744024d5a084374a04233726e |
| font_01_sfnt_off0000f9c9.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF9C9 | 12004 bytes | 0152e518e6967763b3017eaca89d92a1983a60d55f81e286e11a7a17c5af8bcd |
| font_02_sfnt_off000120a0.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x120A0 | 16204 bytes | a95eff378c135b1ab40d10b3cd1da1bafbc07f86005f57898d079c90d712ddbd |
| font_03_sfnt_off000135cd.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x135CD | 4324 bytes | d1f4a20f0e35a0564be54678b929bb8c711862c507f070c2b9a6abea8daf4378 |