MALICIOUS (Risk Score: 96)
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF document was flagged as malicious by a machine learning classifier and ClamAV, indicating a high likelihood of malicious intent. The document contains an embedded URL that likely leads to a phishing or malware distribution site. Although no scripts were explicitly extracted, the PDF structure and embedded URI suggest it's designed to trick users into clicking a link, potentially for credential harvesting or further payload delivery.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000dbdb.bin (421c54f8979f8d99f674d2901a14cd28aacb125f4a5e22097f869e2cef15c5f1) | pdf-font-stream | PDF embedded font (sfnt) at offset 0xDBDB | 5756 bytes |
| font_01_sfnt_off0000ef6b.bin (c3f00e226fa8534f42f91b9f6c454b675b47a6537982bbbb3180fd1f71a59421) | pdf-font-stream | PDF embedded font (sfnt) at offset 0xEF6B | 10332 bytes |