Malware Insights
The file is identified as malicious by ClamAV and an ML classifier, with heuristics indicating the presence of external URIs and embedded links. The document body, though heavily obfuscated, suggests an attempt to present itself as a standard PDF. The embedded URLs, particularly 'http://www.ascendercorp.com/' and 'http://www.ascendercorp.com/typedesigners.html', are flagged as unknown reputation and are likely part of the attack chain. No scripts were extracted, but the PDF structure and heuristics point towards a phishing or malware delivery attempt.
Machine Learning
- Nyx PDF Classifier malicious score 0.5996
Heuristics 3
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - http://www.ascendercorp.com/ (PDF link annotation)
  - http://www.ascendercorp.com/typedesigners.html (PDF link annotation)
  - http://www.w3.org/1999/02/22-rdf-syntax-ns# (PDF link annotation)
  - http://purl.org/dc/elements/1.1/ (PDF link annotation)
  - http://ns.adobe.com/pdf/1.3/ (PDF link annotation)
  - http://ns.adobe.com/xap/1.0/ (PDF link annotation)
  - http://ns.adobe.com/xap/1.0/mm/ (PDF link annotation)
  - http://ns.adobe.com/xap/1.0/rights/ (PDF link annotation)
  - http://scripts.sil.org/OFL (PDF link annotation)
  - http://dejavu.sourceforge.net (PDF link annotation)
  - http://dejavu.sourceforge.net/wiki/index.php/License (PDF link annotation)
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off00009eba.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x9EBA | 4944 bytes | b099b911a760fab375a8cd145d59deeeff7be59d9de55c264f4c6345707de272 |
| font_01_sfnt_off0000aef2.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xAEF2 | 12024 bytes | 8c6eede448ce88c39109d560686960719f5b42bee4534520535b241d7af09c9a |
| font_02_sfnt_off0000d570.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xD570 | 16144 bytes | 8fb2621915dfc007ff2d0e30b281ceb029ddf1b64eebbf5d4dbd926fe97904ad |