Verdict: MALICIOUS (Risk Score 96)
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript (analyzer mapping; none of the heuristics below flags a JavaScript action in this file, only a URI action, so treat this technique as unevidenced by this report)
The PDF was classified as malicious by the Nyx machine-learning PDF classifier (score 0.9998) and by ClamAV (signature Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0). Its only active element is a link annotation whose URI action points to traffset.ru; the utm_term parameter ("saint seiya cosmo fantasy reroll guide") gives away the lure theme, a game guide, and the short redirect-style path (/123?utm_term=...) is consistent with a traffic-distribution redirect to a phishing or payload site. The destination behind the redirect is not recorded in this report. The document text, as opposed to its annotations, carries a long list of unrelated PDF links on free hosting CDNs (f-static.net, strikinglycdn.com, squarespace.com, s3.amazonaws.com), a filler pattern consistent with mass-produced search-engine-bait documents; these are plain text, not clickable actions. One indirect object is also defined twice with different bodies, so a first-wins and a last-wins PDF reader can resolve different content for it.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics (4)
- critical CLAMAV_DETECTION: ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- info PDF_URI: External URI. The PDF contains an external URL action (a /URI action reachable from a link annotation).
- info PDF_DUPLICATE_OBJ_BODY_INCREMENTAL: Object number defined twice with different bodies. The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- info EMBEDDED_URL: Embedded URL. One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - https://traffset.ru/123?utm_term=saint+seiya+cosmo+fantasy+reroll+guide (PDF link annotation; the only URL reachable by a click)
  - https://cdn-cms.f-static.net/uploads/4454575/normal_5fda02f9a54ec.pdf (in PDF document text)
  - https://cdn-cms.f-static.net/uploads/4393361/normal_5f93dead53681.pdf (in PDF document text)
  - https://cdn-cms.f-static.net/uploads/4415537/normal_5f9994d5c1970.pdf (in PDF document text)
  - http://www.ascendercorp.com/ (in PDF document text)
  - http://www.ascendercorp.com/typedesigners.html (in PDF document text)
  - https://static1.squarespace.com/static/5fc2a5b42e537a05ef144f11/t/5fd1f807133bcb3b88a23659/1607596039614/nipofebin.pdf (in PDF document text)
  - https://uploads.strikinglycdn.com/files/a953b6b0-20e9-4b10-b2e5-c99338cdc0b7/valotufi.pdf (in PDF document text)
  - https://uploads.strikinglycdn.com/files/3f4fd2ce-4916-43b0-9b16-54a625aab7a4/modern_brazilian_portuguese_grammar_a_practical_guide_modern_grammars.pdf (in PDF document text)
  - https://s3.amazonaws.com/rudelazifizuvo/bangalore_days_title_bgm.pdf (in PDF document text)
  - https://static1.squarespace.com/static/5fc0df209955c744b53b696b/t/5fc1640acb3e0f577183d8b5/1606509580462/lixoti.pdf (in PDF document text)
  - https://uploads.strikinglycdn.com/files/20e9104d-2f6b-4ebd-a52a-81bf0e89691c/tewij.pdf (in PDF document text)
  - https://uploads.strikinglycdn.com/files/55fddbc4-453b-4ee3-b5c1-8a94207ad2eb/82943015448.pdf (in PDF document text)
  - https://uploads.strikinglycdn.com/files/4e6756a2-e75d-457a-aad8-db8a2384042d/notches_cut_in_eyebrow.pdf (in PDF document text)
  - https://uploads.strikinglycdn.com/files/e03e5e88-d367-46a0-a9f8-062cd368da30/zodutub.pdf (in PDF document text)
  - https://uploads.strikinglycdn.com/files/c2b8d668-89c6-49ec-b9a4-dcdc7dee0a7e/51_documents_zionist_collaboration_with_the_nazis.pdf (in PDF document text)
  - https://s3.amazonaws.com/jofunoje/box_apk_file.pdf (in PDF document text)
  - http://www.w3.org/1999/02/22-rdf-syntax-ns# (in PDF document text)
  - http://purl.org/dc/elements/1.1/ (in PDF document text)
  - http://ns.adobe.com/pdf/1.3/ (in PDF document text)
  - http://ns.adobe.com/xap/1.0/ (in PDF document text)
  - http://ns.adobe.com/xap/1.0/mm/ (in PDF document text)
  - http://ns.adobe.com/xap/1.0/rights/ (in PDF document text)
  - http://scripts.sil.org/OFL (in PDF document text)
  - http://dejavu.sourceforge.net (in PDF document text)
  - http://dejavu.sourceforge.net/wiki/index.php/License (in PDF document text)
  Reading the list: the w3.org, purl.org and ns.adobe.com entries are XMP metadata namespace identifiers that appear in any PDF carrying an XMP packet; the scripts.sil.org/OFL, dejavu.sourceforge.net and ascendercorp.com entries are font licence and foundry URLs of the kind embedded in font name tables. None of them is lure content. The traffset.ru link annotation is the one URL that matters for triage.
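The PDF_DUPLICATE_OBJ_BODY_INCREMENTAL and PDF_URI heuristics above can be reproduced with a short scanner. The following is an added example written for this page, not the analyzer's code. The two sample PDFs inside it are constructed by hand for the demonstration (example.org and attacker.invalid are placeholder hosts) and are not the analyzed file. It shows why a first-wins and a last-wins reader follow different URIs when an object is redefined, and why the severity is raised only when the duplicated object carries active content.

```python
"""Scan raw PDF bytes for indirect objects defined more than once with
different bodies and report the URI actions each version carries.
Added example for this report, not the analyzer's code."""
import re

# "N G obj ... endobj".  The lookbehind stops "12 0 obj" matching inside
# "112 0 obj".  A production parser must also walk xref tables and unpack
# object streams (/ObjStm); this scanner deliberately behaves like a
# reconstruct-by-scan reader that ignores the xref, which is the situation
# in which first-wins and last-wins behaviour diverges.
OBJ_RE = re.compile(rb"(?<![\w.])(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.DOTALL)

# Keys that let an object trigger an action when a page or document opens.
ACTIVE_RE = re.compile(rb"/(URI|JS|JavaScript|Launch|OpenAction|AA|SubmitForm|GoToR)\b")

# Literal-string /URI value.  Caveat: escaped ")" and hex strings <...>
# are not handled; both occur in real samples.
URI_RE = re.compile(rb"/URI\s*\(([^)]*)\)")


def parse_objects(pdf):
    """Every object definition as (num, gen, body), in file order."""
    return [(int(n), int(g), body.strip()) for n, g, body in OBJ_RE.findall(pdf)]


def find_duplicate_objects(pdf):
    """{(num, gen): [body, ...]} for objects with more than one distinct body."""
    seen = {}
    for num, gen, body in parse_objects(pdf):
        seen.setdefault((num, gen), []).append(body)
    return {k: v for k, v in seen.items() if len(set(v)) > 1}


def resolve(pdf, num, gen, policy="last"):
    """Body a reader keeps for (num, gen): 'first' = earliest definition,
    'last' = latest definition (what incremental updates rely on)."""
    bodies = [b for n, g, b in parse_objects(pdf) if (n, g) == (num, gen)]
    if not bodies:
        return None
    return bodies[0] if policy == "first" else bodies[-1]


def has_active_content(body):
    return ACTIVE_RE.search(body) is not None


def extract_uris(body):
    return [m.decode("latin-1") for m in URI_RE.findall(body or b"")]


def assess(pdf):
    """One finding per duplicated object.  Body-only differences stay 'info'
    (normal for incremental saves); severity becomes 'high' only when some
    version of the object carries active content."""
    findings = []
    for (num, gen), bodies in find_duplicate_objects(pdf).items():
        active = any(has_active_content(b) for b in bodies)
        findings.append({
            "object": (num, gen),
            "definitions": len(bodies),
            "active_content": active,
            "severity": "high" if active else "info",
            "first_wins_uris": extract_uris(resolve(pdf, num, gen, "first")),
            "last_wins_uris": extract_uris(resolve(pdf, num, gen, "last")),
        })
    return findings


# Constructed sample: object 5 is a link annotation to a benign host; an
# appended update redefines object 5 so a last-wins reader follows another URI.
MALICIOUS_DUP_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /Annots [5 0 R] >> endobj
5 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (https://example.org/guide) >> >> endobj
trailer << /Root 1 0 R >>
%%EOF
5 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (https://attacker.invalid/123?utm_term=reroll+guide) >> >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# Constructed benign counterpart: an ordinary save that only rewrites the
# /Info dictionary's /ModDate.  No active content, so it stays 'info'.
BENIGN_DUP_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
4 0 obj << /Producer (example) /ModDate (D:20200101000000Z) >> endobj
trailer << /Root 1 0 R /Info 4 0 R >>
%%EOF
4 0 obj << /Producer (example) /ModDate (D:20200102000000Z) >> endobj
trailer << /Root 1 0 R /Info 4 0 R >>
%%EOF
"""

if __name__ == "__main__":
    for name, sample in (("malicious", MALICIOUS_DUP_PDF), ("benign", BENIGN_DUP_PDF)):
        for finding in assess(sample):
            print(name, finding)
```

Run it directly to print one finding per sample; the same functions can be pointed at the bytes of a real file. Keep the caveats in the comments in mind when doing so: the scanner ignores xref tables and object streams, so an object hidden in an /ObjStm is invisible to it, and the /URI extraction only handles unescaped literal strings.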
Extracted artifacts (3)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000ac7e.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xAC7E | 5548 bytes | 23e035d401033715fb5e8654d74254a001c19f0c2be50658613988746f6994a3 |
| font_01_sfnt_off0000bf45.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xBF45 | 9936 bytes | baedd24bed998df69893d61a2097e6a474140f05265830306fb296dd9e9741b1 |
| font_02_sfnt_off0000e17e.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE17E | 16196 bytes | 13873d145b8da2256cc9aff7ec32aedf7dd7de0e65fabb376e0f91dd1eea3996 |
All three carved artifacts are embedded sfnt (TrueType/OpenType) font programs, which fits the DejaVu and SIL OFL licence strings found in the document text; no script, embedded file or other payload was carved from the sample.