MALICIOUS
136
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1203 Exploitation for Client Execution
T1059.007 JavaScript
The PDF file was flagged by a machine learning classifier and ClamAV as malicious, specifically as a phishing trojan. Heuristics indicate a social engineering attack (ClickFix) that tricks users into running commands, likely to download and execute a second-stage payload from the embedded URL. The document body, though heavily obfuscated, contains references to 'wkhtmltopdf' and 'bluetooth driver', suggesting a lure to disguise the malicious intent.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 5
-
ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
-
ClickFix social engineering attack high SE_CLICKFIXDocument instructs the user to press Win+R or paste a command into a terminal — consistent with ClickFix attacks that bypass macro restrictions by tricking users into running malicious commands directly
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://traffset.ru/aws?utm_term=bluetooth+driver+for+windows+10+pc
- https://static.s123-cdn-static.com/uploads/4392462/normal_5fc90be2ee6c7.pdf
- https://cdn-cms.f-static.net/uploads/4469617/normal_5fb3d42ddc0dd.pdf
- https://cdn.sqhk.co/xasexuwosul/W74q3Ma/king_of_avalon_game_wiki.pdf
- https://static.s123-cdn-static.com/uploads/4426062/normal_5ffdc417db749.pdf
- https://cdn-cms.f-static.net/uploads/4446776/normal_5f9f5be940adb.pdf
- https://static.s123-cdn-static.com/uploads/4379626/normal_5fcf11e29b938.pdf
- https://cdn.sqhk.co/jemajujo/hjhb2gu/56163873588.pdf
- https://static.s123-cdn-static.com/uploads/4450635/normal_5feb321232ec9.pdf
- https://cdn-cms.f-static.net/uploads/4455183/normal_5fbe28f3cecac.pdf
- https://static.s123-cdn-static.com/uploads/4448558/normal_5fe108c72fb37.pdf
- https://cdn-cms.f-static.net/uploads/4463286/normal_5fd7c3d0b84e8.pdf
- https://static.s123-cdn-static.com/uploads/4423431/normal_5fd09bd1b8a35.pdf
- https://static.s123-cdn-static.com/uploads/4366003/normal_5ff5f31044c0a.pdf
- https://cdn-cms.f-static.net/uploads/4384632/normal_5f9cb4792ef5b.pdf
- https://cdn-cms.f-static.net/uploads/4382003/normal_5f8d331c8241b.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://s3.amazonaws.com/jidosatikim/wuxezudika.pdf
- https://s3.amazonaws.com/xuxifuzituwu/chargers_injury_report_keenan_allen.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000eaaa.bin78d7449ca15d0a6d489aecd9fe011dca0d52930f4ed8239ba6941aa09aed5e85 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xEAAA | 5428 bytes |
font_01_sfnt_off0000fd43.binde845e917a1e3a02ac70f87f6840005a9c590d35027b5f3f198a2dfc07af7fa1 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xFD43 | 10840 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.