SUSPICIOUS (Risk Score: 36)
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF document was flagged as suspicious by an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 3
- External URI (info, PDF_URI): PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
- https://traffking.ru/strik?utm_term=king+of+the+jungle+baby+shower (PDF link annotation)
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000c9b3.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xC9B3 | 5292 bytes | 872dbcfbd83e0ec907d72f2b314af52242fff4e670fb41ecc7b825aa5bccf064 |
| font_01_sfnt_off0000dbc7.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xDBC7 | 10124 bytes | b5690a5be168f3a5acad457294529ce24c10213d3138dbed83d3f54813124373 |
| font_02_sfnt_off0000fe6f.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFE6F | 4324 bytes | 7f6049e5011acf0e8581793f2bc2bb947aac2929fdb77abc318b2a6155c1ef71 |