MALICIOUS
96
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9996
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://xezojetit.ru/strik?utm_term=el+ultimo+deseo+andrzej+sapkowski+pdf+gratis PDF link annotation
- https://static.s123-cdn-static.com/uploads/4381287/normal_5fefc0d6d7855.pdfIn PDF document text
- https://static.s123-cdn-static.com/uploads/4417806/normal_5fcff141b219a.pdfIn PDF document text
- https://static.s123-cdn-static.com/uploads/4369936/normal_6008430235135.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4427085/normal_602e4f91ad826.pdfIn PDF document text
- https://static.s123-cdn-static.com/uploads/4365539/normal_5fc5ceaa2a658.pdfIn PDF document text
- http://www.ascendercorp.com/In PDF document text
- http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
- https://uploads.strikinglycdn.com/files/5d56300d-539a-4a33-bf4b-3923fd47091b/tabla_de_conversion_de_pies_y_pulgadas_a_centimetros.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/9771b9a5-23d1-4d5c-ac1c-7fbb000ca876/how_to_get_a_street_food_vendor_permit_los_angeles.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/8b1af2b1-4aee-4e14-bdb6-17b859db7c10/class_11_physics_objective_questions_in_hindi.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/21f6e391-8a89-41da-8408-ae7977bf7daf/broadchurch_season_3_episode_1_recap.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/b838f2f0-3ffa-4fe9-8afd-09b57ad68f52/31387335217.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/5b10a8ed-7d41-4d68-8a4e-73a6160d689e/swiffer_wetjet_mopping_kit_instructions.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/fb0528a0-d374-4486-aea8-55d88626f0c6/dungeons_and_dragons_5e_players_handbook.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/61395751-dbc9-4062-b312-c92e917e241f/last_day_on_earth_hack_ios_no_jailbreak_2019.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/5be3d6d5-8dfa-49d9-bd34-30a67c2c30f1/conjunction_worksheets_3rd_grade.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/dc35c5b1-6414-4d4d-9ec3-8152807ebeb8/89472477710.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/89ccaba2-8d60-471b-a6a2-1eb34e0aeac6/zixalisome.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/961ad169-7837-4da2-9efd-cb89122a2938/nenemaxufor.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/fc673c58-1b71-4d72-95be-2300055a523a/61663832142.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/d088a1fb-ebe5-43c1-9002-4af28f13dfa5/how_do_i_find_the_remote_code_for_my_samsung_tv.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/aba3a9a8-7a57-4fad-b9d2-fe315771b85e/rajigaxi.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/4353d7ac-5667-4351-bf6f-f224511e3b93/novela_os_dez_mandamentos_capitulo_22.pdfIn PDF document text
- http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
- http://purl.org/dc/elements/1.1/In PDF document text
- http://ns.adobe.com/pdf/1.3/In PDF document text
- http://ns.adobe.com/xap/1.0/In PDF document text
- http://ns.adobe.com/xap/1.0/mm/In PDF document text
- http://ns.adobe.com/xap/1.0/rights/In PDF document text
- http://scripts.sil.org/OFLIn PDF document text
- http://dejavu.sourceforge.netIn PDF document text
- http://dejavu.sourceforge.net/wiki/index.php/LicenseIn PDF document text
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off000121e4.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x121E4 | 5600 bytes |
SHA-256: 414db7d24c7759aade39e6297bde3c13381cd55565ff3d8e971b5daa1ad908e9 |
|||
font_01_sfnt_off00013502.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x13502 | 11748 bytes |
SHA-256: 5dbe0c490cde46b4800a38a73838542ccd4201e4fc5450b71436917a381d10b9 |
|||
font_02_sfnt_off00015b88.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x15B88 | 16108 bytes |
SHA-256: 1ae76fedb08a88956571950a1bfb28d37554dda4b67ee80363d4f1c494134c60 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.