MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9991
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - URL: https://mezovuduw.ru/strik?utm_term=astra+safety+razor+blades+near+me (PDF link annotation)
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000ef5c.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xEF5C | 5072 bytes | 098ca89cbcaada72d724ae061561f8a8d6476ab4c16c9a48e6a5a425a37a2854 |
| font_01_sfnt_off0001008b.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1008B | 10988 bytes | 23d94ae3b722e0f498172b3eb32f7bf27c292455d300cf232a108b23b69535e1 |
| font_02_sfnt_off000125ef.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x125EF | 4324 bytes | 0d0f64e27578eb124b8bc81c7eceacdd166e22eddd95c81328e9fbd7de2a6333 |