MALICIOUS
96
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://traffset.ru/aws?utm_term=cascade+lake+idaho+fishing+guide PDF link annotation
- https://cdn-cms.f-static.net/uploads/4449614/normal_5fa0b4bb01367.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4411921/normal_5f965115e54d2.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4384318/normal_5f9128081e0b5.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4416672/normal_5f9f242661915.pdfIn PDF document text
- http://www.ascendercorp.com/In PDF document text
- http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
- https://uploads.strikinglycdn.com/files/ae3f9299-abbf-4179-bf9f-af847642a817/sunflowers_stardew_valley.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/ad0b99cb-06e9-4187-8a69-56c55d10b833/nadepeponejikuke.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/578ae893-c5f0-4692-b17a-74eab8b184f0/sikujojeledudol.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/bfdeda26-e6d0-4a7c-825f-a3b111590404/60435592784.pdfIn PDF document text
- https://s3.amazonaws.com/jofunoje/garden_ridge_animal_hospital_lewisville.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/9c797281-d3b9-4110-9e0a-8bdd305dd7bb/17357551171.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/3255204e-e5c0-4c2c-96a4-a27a80dd66d3/regajabodun.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/39521c75-b0f5-4085-9640-cb68573a8ede/girl_scout_brownie_household_elf_badge.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/ac38d025-d82a-421e-959f-ffd2f526600c/36144717545.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/688659ac-9b0d-479d-8302-ad57f293044a/66509405690.pdfIn PDF document text
- http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
- http://purl.org/dc/elements/1.1/In PDF document text
- http://ns.adobe.com/pdf/1.3/In PDF document text
- http://ns.adobe.com/xap/1.0/In PDF document text
- http://ns.adobe.com/xap/1.0/mm/In PDF document text
- http://ns.adobe.com/xap/1.0/rights/In PDF document text
- http://scripts.sil.org/OFLIn PDF document text
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00010057.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x10057 | 5156 bytes |
SHA-256: 674017c15aa5290add0383b4c02887cef35b73cc9f08d2f3358ae283d6674295 |
|||
font_01_sfnt_off000111e5.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x111E5 | 11256 bytes |
SHA-256: 3846ab56dfe599bece4baefbc114f442a4bf1e1250b63a88344d278af79dbb20 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.