Verdict: MALICIOUS
Risk Score: 104
Malware Insights
MITRE ATT&CK:
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file presents a deceptive download button. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics (5)
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Visual download / call-to-action button lure (low, SE_DOWNLOAD_BUTTON): Document contains a call-to-action phrase ('Click here to download', 'Download Now', etc.); low-signal unless other findings point to a malicious workflow.
- External URI (info, PDF_URI): PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - https://huntic.ru/pbw?utm_term=download+lie+with+me+full+movie (PDF link annotation)
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000db34.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xDB34 | 5024 bytes | 31d02b0b7bd5c6a34faaa0365a0f67d36a4f79d7dd21f77a3092b926813cca1b |
| font_01_sfnt_off0000ec48.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xEC48 | 10340 bytes | d79eda3e88066a72a1a368819a4dfe5e81e1a373695de861c2a03df275188631 |