Verdict: MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9996
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://botokaw.ru/strik?utm_term=sembaruthi+serial+love+bgm+download+mp3 (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000d938.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xD938 | 5932 bytes | 928e5dcf76f049a35ec64c2e95cb00f938e04bf21fc2d756eb7de68893d2420c |
| font_01_sfnt_off0000ed4e.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xED4E | 10672 bytes | f978a0ff04abb38938f8e19931c12266e5f5ce08ee276a120e2cc6220ea1bd89 |