MALICIOUS
96
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9997
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://traffnew.ru/aws?utm_term=beep+once+sms+ringtone PDF link annotation
- https://cdn-cms.f-static.net/uploads/4486351/normal_5fbe989f0ff40.pdfIn PDF document text
- http://www.ascendercorp.com/In PDF document text
- http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
- https://uploads.strikinglycdn.com/files/ccfbf81b-9582-4df1-a39a-d8aa3d4b69dd/chamberlain_wd832kev_manual.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/c65d0f1b-0340-426a-b7cd-9ad311661e76/mega_upload_file.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/845cdcde-8359-4d0f-b43f-52a39da78054/kurujevufamalipaket.pdfIn PDF document text
- https://s3.amazonaws.com/muvemasoxaji/46370665197.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/13be72e7-3517-4a34-89c4-12dd065044e9/84890743741.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/76c0b5c6-3280-43ca-8bb8-fe8c19ed1108/mazofaju.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/8176470c-9b9f-46a4-bc24-63a093542b3e/tomapakudabatusajeroli.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/675d53cf-f0b5-4427-ad03-bad4b17e1583/cant_connect_to_rocket_league_servers.pdfIn PDF document text
- https://s3.amazonaws.com/simujix/how_to_sex_a_leopard_gecko_baby.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/dcb5f884-70f2-4f85-b6bb-a5b3d8a249fb/lugoxerelosolavaxetadobi.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/3226620a-0128-433d-a837-77ac628e4fa6/newesabekolapuwuninemi.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/fb2020ce-903e-41d9-9920-224971a3a8d5/xusugulonilelek.pdfIn PDF document text
- http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
- http://purl.org/dc/elements/1.1/In PDF document text
- http://ns.adobe.com/pdf/1.3/In PDF document text
- http://ns.adobe.com/xap/1.0/In PDF document text
- http://ns.adobe.com/xap/1.0/mm/In PDF document text
- http://ns.adobe.com/xap/1.0/rights/In PDF document text
- http://scripts.sil.org/OFLIn PDF document text
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000d28d.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xD28D | 5060 bytes |
SHA-256: 2777fd1d1ae3b3eda0d044b4f71870eb85f773d34d6f4952ce1435c14fe41bbe |
|||
font_01_sfnt_off0000e3b6.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xE3B6 | 10484 bytes |
SHA-256: 4d3be9368299cf180dbcc64254f139976d8d9777ed84ddf71863093761e004f4 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.