Verdict: MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9996
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (severity: critical, rule: CLAMAV_DETECTION). ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (severity: info, rule: PDF_URI). PDF contains an external URL action.
- Object number defined twice with different bodies (severity: info, rule: PDF_DUPLICATE_OBJ_BODY_INCREMENTAL). The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (severity: info, rule: EMBEDDED_URL). One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://jottigo.ru/wix?keyword=special+right+triangles+word+problems (PDF link annotation)
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000eae7.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xEAE7 | 5824 bytes | 6692def354c4276eac3b865fa1f1aba5ff97bb9554878125817d9fcd532c91b0 |
| font_01_sfnt_off0000fe8f.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFE8F | 11352 bytes | 83b97f87e5b40ed3355f9621dd085c04f66961718fc170a533cd10f09a65310e |
| font_02_sfnt_off0001258f.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1258F | 16124 bytes | 5662cc01a8504ec4eb6d91cb9aee1c85517507b82827a5cf00fcc61cb5518265 |