MALICIOUS (Risk Score: 96)
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9947
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://golowaki.ru/aws?utm_term=kung+fu+hustle+landlady+and+husband (PDF link annotation)
Extracted artifacts 4
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off00018870.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x18870 | 43208 bytes | 227f889198ea1fd5e0e7bb7036d2eac975caee1b2e5fe3037b3aa12dfb63511a |
| font_01_sfnt_off00020cc9.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x20CC9 | 5284 bytes | 93a0a56d964999695765f72f35918b05fd6cd4e22c97d976208c1f57ae62beac |
| font_02_sfnt_off00021ed9.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x21ED9 | 12796 bytes | 5006a844e43b95dfc82c3eaa8e25b649bd5436861abc2c0580d8e8d77183f104 |
| font_03_sfnt_off00024801.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x24801 | 16060 bytes | 660d05b38fea380e8cc13f4a5a7db764e9bd2a20a73145a73af50c118749f22b |