MALICIOUS
96
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The file is identified as malicious by ML classifiers and ClamAV, with a high risk score. It contains an embedded URL pointing to a suspicious domain, which is a common tactic for phishing or distributing further malicious content. The PDF structure itself does not contain readable content, suggesting it is designed to exploit vulnerabilities or redirect users.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://traffnew.ru/strik?utm_term=robert+sapolsky+stanford+stress PDF link annotation
- https://cdn-cms.f-static.net/uploads/4420775/normal_5fa5be6d0d5c3.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4377679/normal_5f94bfdce92a6.pdfIn PDF document text
- http://www.ascendercorp.com/In PDF document text
- http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
- https://s3.amazonaws.com/tutapaxi/93072005405.pdfIn PDF document text
- https://s3.amazonaws.com/jemazejodep/butterworths_questions_and_answers_corporations_law.pdfIn PDF document text
- https://static1.squarespace.com/static/5fc30527bd14ff0dd2aa72c6/t/5fc478213f75b166436397d3/1606711334639/57036062252.pdfIn PDF document text
- https://static1.squarespace.com/static/5fc0b5bec30a162e0c519083/t/5fc1450d3570fb44d13152cb/1606501646665/horton_hatches_the_egg_video.pdfIn PDF document text
- https://s3.amazonaws.com/jusuberu/angularjs_example_application.pdfIn PDF document text
- https://static1.squarespace.com/static/5fc0e90c27a199023ab56552/t/5fc192462dd96f59182aa387/1606521415619/correos_el_salvador_santa_ana.pdfIn PDF document text
- https://static1.squarespace.com/static/5fc4c090f9866f3fd2ecba29/t/5fc6fcfae2dcb1274de34137/1606876410651/child_care_tax_credit_2020_changes.pdfIn PDF document text
- https://static1.squarespace.com/static/5fc174e7bf71053ccb141a2b/t/5fc9ac3f9c93c058c480df68/1607052352707/camouflage_skin_pack_for_minecraft_pe.pdfIn PDF document text
- https://static1.squarespace.com/static/5fbce344be7cfc36344e8aaf/t/5fbcfbf500f7af3919d399d7/1606220791838/exempted_establishments_members_meaning_in_hindi.pdfIn PDF document text
- http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
- http://purl.org/dc/elements/1.1/In PDF document text
- http://ns.adobe.com/pdf/1.3/In PDF document text
- http://ns.adobe.com/xap/1.0/In PDF document text
- http://ns.adobe.com/xap/1.0/mm/In PDF document text
- http://ns.adobe.com/xap/1.0/rights/In PDF document text
- http://scripts.sil.org/OFLIn PDF document text
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000ed6b.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xED6B | 5348 bytes |
SHA-256: 5b9d65538be9a01c7fda2a567a5e72920dc93327cd7d6b47fdfab746dffe9d9a |
|||
font_01_sfnt_off0000ffb5.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xFFB5 | 11060 bytes |
SHA-256: daa781fbf7a12722442790a56722a1ce13651ccca2bb29665664a8fcc2410ad9 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.