Verdict: SUSPICIOUS
Risk Score: 36
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF document was flagged as suspicious by an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics (3)
- External URI (info, PDF_URI): PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - https://traffnew.ru/aws?keyword=argentina+major+imports (PDF link annotation)
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off000067cb.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x67CB | 5172 bytes | 6d18c29da66247fd5980c6eab08299ce978ce2e61d9c1ed37ab3d9348a8f6079 |
| font_01_sfnt_off00007954.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x7954 | 10800 bytes | 620865594575466b4dc50d15f4bd29cb0a3f32f9b6829057116f6567f2e29d13 |