MALICIOUS
96
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9997
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://queure.ru/pbw?utm_term=igi+2+full+game+download+for+android PDF link annotation
- http://www.ascendercorp.com/In PDF document text
- http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
- https://uploads.strikinglycdn.com/files/c581e6f4-42c9-4a96-ac5e-7eb9f099b788/qsc_touchmix_8_for_sale.pdfIn PDF document text
- http://zepupifob.pbworks.com/f/evida_8gb_digital_voice_recorder_manual.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/c96c6f46-c3e5-4fca-8abc-75c9a0c566f0/57804429914.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/c7fb1701-75b4-458a-9886-da01538dada7/the_crown_season_3_episode_8_fact_check.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/5aacdae6-390f-48c7-afd2-ef7fffb69be4/xalomasimonovepedata.pdfIn PDF document text
- http://bowawesup.pbworks.com/f/how_to_study_for_permit_test_ca.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/320d68fa-3883-498a-b204-c4c7c38a36a0/sba_3508ez_ppp_loan_forgiveness_application_and_instructions.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/c697373d-9743-48c4-9f1d-97132c37437c/polimu.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/ae45eaed-ab44-46ee-8a23-cfaacef86d21/mixipeposuzuwifabezezowi.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/e5aba47b-d6c8-42fb-b1ef-f78a7f0ffb8a/xujabu.pdfIn PDF document text
- http://sejuworepow.pbworks.com/w/file/fetch/144611295/cen-tech_60694_software_download.pdfIn PDF document text
- http://dimutojopog.pbworks.com/w/file/fetch/144784047/fuduzapapuzerori.pdfIn PDF document text
- http://lojefizowoj.pbworks.com/f/pibotom.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/0409138e-26c2-4624-b97d-581b8d6c98e9/libro_de_lecturas_segundo_grado_de_primaria_1993.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/36665ea4-c56e-40e0-9df3-f309762f90dd/will_there_be_season_2_of_rising_of_the_shield_hero.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/562c16e2-c010-4058-aee0-45c90b55b52c/complete_the_sentences_with_the_correct_present_continuous_form_of_the_verbs_in_brackets_jacky.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/0f8ee146-1949-4f9c-93dd-f26697a4073e/yiboo_helicopter_replacement_battery.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/0350f003-876e-4ded-a748-1bd51e328f1e/tojidupakupezizawamax.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/30dfdd79-0811-4def-a5bd-581405975ec4/ejercicios_de_razones_trigonomtricas_en_tringulos_rectngulos_resueltos.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/817f1e4f-b652-4e97-a71a-c94b3b36df4a/telefono_colegio_de_profesionales_de_enfermera.pdfIn PDF document text
- http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
- http://purl.org/dc/elements/1.1/In PDF document text
- http://ns.adobe.com/pdf/1.3/In PDF document text
- http://ns.adobe.com/xap/1.0/In PDF document text
- http://ns.adobe.com/xap/1.0/mm/In PDF document text
- http://ns.adobe.com/xap/1.0/rights/In PDF document text
- http://scripts.sil.org/OFLIn PDF document text
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000e4f1.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xE4F1 | 5208 bytes |
SHA-256: 3bb2cdf587ddfe248fc7c48f4c48345ac82b08631179c880dccc155d402ad117 |
|||
font_01_sfnt_off0000f6ab.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xF6AB | 10460 bytes |
SHA-256: f345375c3f863ff49f45e4d26a5ad8509b1978a9a9184e7d147a151c07cfc643 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.