Verdict: MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file was flagged as malicious by a machine learning classifier and ClamAV, indicating a high probability of malicious intent. The embedded URL 'https://traffset.ru/123?utm_term=chess+time+live+apk' is the primary indicator of compromise, suggesting a phishing or malware distribution attempt. Although no scripts were explicitly extracted, the PDF structure and the presence of an external URI point towards a social engineering tactic to redirect the user to a malicious site.
Machine Learning
- Nyx PDF Classifier: malicious score 0.9996
Heuristics (4)
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - https://traffset.ru/123?utm_term=chess+time+live+apk (PDF link annotation)
  - https://cdn-cms.f-static.net/uploads/4419820/normal_5f9b8b6f8cf5f.pdf (in PDF document text)
  - http://www.ascendercorp.com/ (in PDF document text)
  - http://www.ascendercorp.com/typedesigners.html (in PDF document text)
  - https://uploads.strikinglycdn.com/files/46a47267-fb37-4025-b270-99ab1da23d8b/masonry_designers_guide_7th_edition.pdf (in PDF document text)
  - https://uploads.strikinglycdn.com/files/bf3884e9-516d-46b8-80c3-26c9e88d2028/madaravedatutemuvuf.pdf (in PDF document text)
  - https://uploads.strikinglycdn.com/files/89743a1d-8314-4719-a2c1-e70f902975b5/26345894553.pdf (in PDF document text)
  - https://uploads.strikinglycdn.com/files/ed66c0ff-7077-4fa6-bf2f-bcf5dde25320/exponential_function_worksheet_word_problems.pdf (in PDF document text)
  - https://uploads.strikinglycdn.com/files/20de8e71-d815-4c27-8727-dbe68c3c1cda/babuzevumiweleluwo.pdf (in PDF document text)
  - https://uploads.strikinglycdn.com/files/8f4a9013-7026-4d0d-a2cc-6641fb0c98e8/luvowokojore.pdf (in PDF document text)
  - https://uploads.strikinglycdn.com/files/78878897-b0c2-41aa-944b-a98f00f5e536/atelier_lulua_traits_guide.pdf (in PDF document text)
  - https://uploads.strikinglycdn.com/files/dbd5f41a-1d70-43b6-aa95-2c5875652336/how_to_evolve_aipom_pokemon_go.pdf (in PDF document text)
  - https://uploads.strikinglycdn.com/files/4176154d-b498-4bad-8a03-78af55281f7a/85874494440.pdf (in PDF document text)
  - https://uploads.strikinglycdn.com/files/3a8fa4d2-819f-4fce-9a41-73323a742651/nakuvesokevelo.pdf (in PDF document text)
  - https://uploads.strikinglycdn.com/files/f37074ba-4ecb-4b44-8353-5baca3ad5d38/alcoholicos_anonimos_literatura.pdf (in PDF document text)
  - https://s3.amazonaws.com/mexavofezoxi/nabob.pdf (in PDF document text)
  - https://uploads.strikinglycdn.com/files/578ac7b5-dc9c-44ef-8fa8-7c9a1979e99f/wijet.pdf (in PDF document text)
  - http://www.w3.org/1999/02/22-rdf-syntax-ns# (in PDF document text)
  - http://purl.org/dc/elements/1.1/ (in PDF document text)
  - http://ns.adobe.com/pdf/1.3/ (in PDF document text)
  - http://ns.adobe.com/xap/1.0/ (in PDF document text)
  - http://ns.adobe.com/xap/1.0/mm/ (in PDF document text)
  - http://ns.adobe.com/xap/1.0/rights/ (in PDF document text)
  - http://scripts.sil.org/OFL (in PDF document text)
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000a8f2.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xA8F2 | 4992 bytes | 7452ebe6d8574f84aab34ff61d9b55c795be0b07d9397aded3829c51bb9a1d25 |
| font_01_sfnt_off0000b9c5.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xB9C5 | 9504 bytes | 94fb172efc96b8ad9cf4434c9473e203a90ef3d89deb7ca9d23b92ad77fd1bf2 |