MALICIOUS (Risk Score: 96)
Malware Insights
MITRE ATT&CK:
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9999
Heuristics (4)
- ClamAV (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL reached via PDF link annotation: https://druttle.ru/123?utm_term=atto+disk+benchmark+free
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000e848.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE848 | 5424 bytes | 4191111342d69f79f6854d6f45862af31c2924536e48e86341d4595453231f7b |
| font_01_sfnt_off0000fa8d.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFA8D | 11216 bytes | aea409ff8632de3dc126e0e81491ab19eecb8584a4ee5d6b9f4901ec6537d83d |