MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9975
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - https://philabc.ru/pbw?utm_term=horror+movies+in+tamil+dubbed+full+movie (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off00024af1.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x24AF1 | 5212 bytes | 382a38e8f71e99560c1e07481c6d6fdd19580fd3061546db08795bdd0fdaa468 |
| font_01_sfnt_off00025c8d.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x25C8D | 12424 bytes | 0ca919ac6c5ba3f905ae97457432a006f272985b377d79fe6e588e8640c3850d |