MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9687
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- PDF differential parser failed (info, PDF_DIFFERENTIAL_PARSE_FAILED): The cross-check parser (pdfminer.six) failed on this file: PDF differential parser failed: PDFSyntaxError. Static heuristics still ran and any of their findings above are valid; only the differential cross-check signal is missing.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
- https://pelibifir.ru/strik?utm_term=the+seventh+man+short+story+summary (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000fc16.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFC16 | 5004 bytes | fbae9f3e954cefca94efe0bbe0bb8a4e655334bedcc889143492a6f33373599c |
| font_01_sfnt_off00010cf5.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10CF5 | 10880 bytes | 27941df7f2835056a57078cc0b9837f7d06b05dbed19749bbb02fe01734cc054 |