MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9993
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL https://resalured.ru/123?utm_term=us+navy+seal+crest (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off000118a7.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x118A7 | 4944 bytes | 03ee120453024abeff302f348c3dede1259170c2bdfae3c4b9cdfe36050bca05 |
| font_01_sfnt_off00012999.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x12999 | 11876 bytes | b5ed28d0aa89c7edd4e24668e46bcd73299847428f0cac66ea65047d951a30d4 |