Verdict: MALICIOUS (Risk Score: 96)
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9936
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://botokaw.ru/123?utm_term=ffbe+ignacio+bonus+stage+guide (PDF link annotation)
Extracted artifacts 5
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0003677a.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x3677A | 14204 bytes | 7fdc5bf35105e5d3685a51d66403beca51dc0b1f94c3fe62c62b8e2ce879d77d |
| font_01_sfnt_off00039613.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x39613 | 5040 bytes | bac399d6d5462668d3dc3424cfe1d5b4970f9d0d77d9150d3cad60650b259a72 |
| font_02_sfnt_off0003a749.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x3A749 | 12320 bytes | c1e41cfcdc7223954296cedb071e220cecfb224352788dc2306d96acc891d38b |
| font_03_sfnt_off0003d025.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x3D025 | 16092 bytes | e9fe716c2abc985b12a899a49d5539e4e8be1b56d50c083b30290d85a2a7c848 |
| font_04_sfnt_off0003e4ed.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x3E4ED | 4324 bytes | 0d0f64e27578eb124b8bc81c7eceacdd166e22eddd95c81328e9fbd7de2a6333 |