MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.5496
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 [critical] CLAMAV_DETECTION: ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI [info] PDF_URI: PDF contains an external URL action
- Object number defined twice with different bodies [info] PDF_DUPLICATE_OBJ_BODY_INCREMENTAL: The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL [info] EMBEDDED_URL: One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - https://bologen.ru/wix?keyword=chesterfield+technical+center+night+classes (PDF link annotation)
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off000df23e.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xDF23E | 5188 bytes | 2edeec7262fdb15e94cfd8fb9530240f68089dbee57f52bf04bdf115ed7cdde7 |
| font_01_sfnt_off000e03e0.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE03E0 | 11936 bytes | bb2d7893e7f5919c7a6003175ecf20d4525cd1a54efe5c5b6e2d21676951d0d8 |
| font_02_sfnt_off000e2cd0.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE2CD0 | 16204 bytes | e93acd332f5893643511f4cefd38969ad5c744ad1b08842a788b6be7d277dd15 |