MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9996
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - URL: https://traffine.ru/strik?utm_term=understanding+nutrition+author+whitney (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000b5da.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xB5DA | 5240 bytes | e44871f5d73f01e81ed8958c3a052b49961e8ebe4c913246fb5a4873226b9ca6 |
| font_01_sfnt_off0000c7bc.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xC7BC | 10240 bytes | 16d07e9051486c9b52a5ee0ceec2b062ea150fd22a1c5a8d9201ff22218193d8 |