Verdict: MALICIOUS (Risk Score 96)
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The PDF file was detected as malicious by ML classifiers and ClamAV, indicating a phishing attempt. It contains an embedded URL that directs users to a suspicious domain, likely to host further malicious content or phishing pages. The document body, though heavily obfuscated, suggests a lure related to 'Apple themes free'. No scripts were extracted from this sample.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics (4)
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://trafffe.ru/aws?utm_term=apple+themes+free
Extracted artifacts (3)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000d0d2.bin (hash 6f40828ca6d9135166d760f912be7e046eb7ff0b186bf4c1ad2b9f8308ae28eb) | pdf-font-stream | PDF embedded font (sfnt) at offset 0xD0D2 | 4444 bytes |
| font_01_sfnt_off0000dfe5.bin (hash 3649e6df64d4d0f71c21327a69eacaa935de327e81face8253700f9d211ed453) | pdf-font-stream | PDF embedded font (sfnt) at offset 0xDFE5 | 11716 bytes |
| font_02_sfnt_off000106d9.bin (hash 1158d95dac44631f497756703988ba3645251422e7ff0015d3fca430225e7c3e) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x106D9 | 4324 bytes |