MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9996
Heuristics (4)
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 [critical] CLAMAV_DETECTION: ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI [info] PDF_URI: PDF contains an external URL action
- Object number defined twice with different bodies [info] PDF_DUPLICATE_OBJ_BODY_INCREMENTAL: The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL [info] EMBEDDED_URL: One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
- URL: https://mezovuduw.ru/strik?utm_term=narconomics+how+to+run+a+drug+cartel+pdf+free (PDF link annotation)
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000f746.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF746 | 5632 bytes | bea37aa637d9363a4df397baf122900939f172e0b4753bf5af0602ed70589a6a |
| font_01_sfnt_off00010a5c.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10A5C | 12800 bytes | 25e49feee8ee0f1060577c702c312e747d09e6b5d8aca52ca28ec1d5b6a0dd3e |