MALICIOUS (Risk Score: 96)
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The file is a PDF document that contains an embedded URL disguised as a subtitle download link for 'Game of Thrones season 8'. This URL, 'https://jottigo.ru/strik?utm_term=game+of+thrones+season+8+subtitles+download+subdl', is flagged as suspicious and likely leads to a malicious payload. The ML classifier and ClamAV detection strongly indicate malicious intent, consistent with a phishing or malware distribution lure.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://jottigo.ru/strik?utm_term=game+of+thrones+season+8+subtitles+download+subdl
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000ef3e.bin 9d62876d4f0e5f52d3db15b2233034aee4fb6db93d721c8dc1a5c2dccf6b4b9d | pdf-font-stream | PDF embedded font (sfnt) at offset 0xEF3E | 5604 bytes |
| font_01_sfnt_off00010231.bin b74af8f4a49ff06e01000e4d4b0f67d0cb54232e156a6f251a3298a3529240d3 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10231 | 11104 bytes |