MALICIOUS
96
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The file is a PDF document flagged by ClamAV and an ML classifier as malicious, specifically as a phishing trojan. It contains an embedded URI pointing to 'https://traffset.ru/strik?utm_term=android+pie+apkpure', which likely serves as a lure for users to download further malicious content. No scripts were extracted, but the presence of an external URI in a malicious PDF suggests a phishing or social engineering attack vector.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://traffset.ru/strik?utm_term=android+pie+apkpure
- https://cdn-cms.f-static.net/uploads/4450139/normal_5fa71b569b044.pdf
- https://cdn-cms.f-static.net/uploads/4373997/normal_5f91648ec5a0f.pdf
- https://cdn-cms.f-static.net/uploads/4366958/normal_5f875ca5d3ec9.pdf
- https://cdn-cms.f-static.net/uploads/4491151/normal_5faaa3cf0028b.pdf
- https://cdn-cms.f-static.net/uploads/4378425/normal_5f91c4766cd2a.pdf
- https://cdn-cms.f-static.net/uploads/4384299/normal_5f8ec1e6f0387.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://uploads.strikinglycdn.com/files/49b2791c-6b5a-4a1c-a69a-93b08f7e3018/pavuvo.pdf
- https://static1.squarespace.com/static/5fc0ca7740f1034a5ca83b63/t/5fc283642dd96f59183fee94/1606583146949/the_battle_of_tippecanoe_in_1811_resulted_in.pdf
- https://uploads.strikinglycdn.com/files/d31e5d4d-051e-46ce-8a6c-1ae4aa03c63b/zigilominewejiporireton.pdf
- https://uploads.strikinglycdn.com/files/e24ca552-8e76-48a7-8688-99fa994e5845/44237032224.pdf
- https://static1.squarespace.com/static/5fbce344be7cfc36344e8aaf/t/5fbdf90e3485235c868b3646/1606285582781/pamugaxo.pdf
- https://uploads.strikinglycdn.com/files/9ecbf265-6a4a-49b8-bf26-3e543b3c87fb/45684023300.pdf
- https://static1.squarespace.com/static/5fbce344be7cfc36344e8aaf/t/5fbd092b45ca4f790267c427/1606224174202/the_blue_danube_waltz_lyrics.pdf
- https://uploads.strikinglycdn.com/files/859d7c06-d79f-41bf-b492-6efbb838671b/58756348937.pdf
- https://static1.squarespace.com/static/5fbce344be7cfc36344e8aaf/t/5fbe294a3485235c868ea9e2/1606297933753/everyday_vocabulary.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000ebab.bind99b799d6da3159515efab08885d7683b47428db3722f10902af7468ce0fd9a6 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xEBAB | 4796 bytes |
font_01_sfnt_off0000fc09.bin90c232d7ecd69109a0f552148a30be1829f68c500bc9a29d5f2a84793a7c6b02 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xFC09 | 11764 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.