MALICIOUS (Risk Score: 96)
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9997
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://maypoin.ru/wb?keyword=which%20is%20better%20gazelle%20or%20elliptical (PDF link annotation)
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000f26d.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF26D | 5080 bytes | 59768139512faa1a91bfed36a6430fe2e10c87f2a1bc811a2f2eb84aa9a87624 |
| font_01_sfnt_off000103d3.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x103D3 | 11344 bytes | 06377d046a39ccfc1e7aa877490784b763ef74ba61cbeb1accbc439318d97688 |
| font_02_sfnt_off00012a8a.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x12A8A | 4324 bytes | 0d0f64e27578eb124b8bc81c7eceacdd166e22eddd95c81328e9fbd7de2a6333 |