CLEAN
Risk Score: 6
Malware Insights
MITRE ATT&CK
T1204.002 Malicious File
T1566.002 Spearphishing Attachment
The sample is a PDF document that contains embedded URIs and is related to CVE-2023-26369, indicating it attempts to exploit a known vulnerability. The embedded URLs, primarily pointing to www.derindusunce.org, suggest a redirection to potentially malicious content. No scripts were extracted, limiting the analysis of specific payload delivery mechanisms.
Machine Learning
- Nyx PDF Classifier clean score 0.1116
Heuristics 3
- TrueType bitmap font + active content — CVE-2023-26369 related (info, PDF_CVE_2023_26369_RELATED): PDF embeds a TrueType font with bitmap tables (EBDT/sbix/CBDT) alongside exploit delivery indicators — CVE-2023-26369 exploits the sfac_GetSbitBitmap function in Adobe's libCoolType for arbitrary code execution. This CVE was actively exploited in the wild, but this rule does not validate the malformed EBLC/EBDT primitive.
- External URI (info, PDF_URI): PDF contains an external URL action.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
- URL http://www.derindusunce.org/ (PDF link annotation)
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| stream_084_off007cc0e0.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x7CC0E0 | 600520 bytes | 87d6111d2cea8ee76034a27f49796461ea530ee9065e0742a291b0c646d91f95 |
| stream_085_off008006db.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x8006DB | 90036 bytes | fe162d58be9d84ed4c1877853fc9384c95897906e4b450e665cb7eb4c7af6289 |
| stream_099_off008ec92e.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x8EC92E | 678036 bytes | 51c8ab7228716bac5ec4ff7b9776cb38a9488e1b69d6762a22a8945ba3925f37 |