MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9992
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - URL https://infrive.ru/pbw?utm_term=2sc5200+2sa1943+amplifier+circuit+diagram+pdf (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000e4d3.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE4D3 | 6240 bytes | 59e6bea110c3ca39d5e0f389409aa17eab5c1a5f650eda3fab4fb74fe137ebdc |
| font_01_sfnt_off0000f9f1.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF9F1 | 11372 bytes | b47c8f7948587d27d647d59eaac507b01e8dead60dcf71ad468f8ce22a9e0ae9 |