MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9966
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://golowaki.ru/123?utm_term=gunaah+2002+movie++720p (PDF link annotation)
Extracted artifacts 5
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000edc7.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xEDC7 | 5000 bytes | 5fb0fbb63e4825daa06bb14ce303f022888c0acd1c94ae352a3a7819972de0b7 |
| font_01_sfnt_off0000fea4.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFEA4 | 11192 bytes | 99f2f8bf7d98f0629240b77dfee11ada341438a24378eef5c1fad5897b8404da |
| font_02_sfnt_off0001251b.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1251B | 16060 bytes | 660d05b38fea380e8cc13f4a5a7db764e9bd2a20a73145a73af50c118749f22b |
| font_03_sfnt_off000139ae.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x139AE | 4324 bytes | 05d2457133b820fa77aa358e30e9acfbad3f04c46ced9a37296d9311117db176 |
| font_04_sfnt_off000147ad.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x147AD | 3208 bytes | abdd7a85a4867dd9ed7cd06ade8290e6a4e668e8c6d17898f077c26ce6ad9675 |