Verdict: SUSPICIOUS (Risk Score: 36)
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file contains an embedded URL that directs the user to a suspicious domain. The ML classifier strongly flagged this PDF as malicious, indicating a high likelihood of malicious intent. The embedded URL is likely part of a phishing or social engineering attempt to redirect the user to a compromised or malicious website.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics 3
- External URI (info, PDF_URI): PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://traffine.ru/wb?keyword=what%20is%20thamo%20in%20english (PDF link annotation)
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| stream_005_off000090d3.bin | decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x90D3 | 26200 bytes | cda565053e5d8155a396a19fb4e622c45e26315cf36f48249292a1f8e9818505 |
| font_00_sfnt_off00005c1f.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x5C1F | 5016 bytes | dc716e3e06ee86279c9bcf5763d167a9c787e1ef96d7b4bf685d5fbea5eb8120 |
| font_01_sfnt_off00006d17.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x6D17 | 10536 bytes | 9299fc719631fb8807ec852b26a657d20ced32e9d61755c9da8087c8fa799fd5 |