MALICIOUS
96
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file was flagged as malicious by ML classifiers and ClamAV, indicating a high likelihood of malicious intent. It contains an embedded URL pointing to 'traffine.ru', which is likely part of a phishing or scam campaign. The document body, though heavily obfuscated, contains text fragments suggesting a technical support lure related to a malfunctioning LCD display, aligning with the phishing attack pattern.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://traffine.ru/strik?utm_term=you%2527re+troubleshooting+a+malfunctioning+lcd+display
- https://cdn-cms.f-static.net/uploads/4499317/normal_5fbb23e30619e.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://static1.squarespace.com/static/5fc4cc22affbf90a66037377/t/5fcae1f8190ee82df8d16f8d/1607131641234/sebij.pdf
- https://static1.squarespace.com/static/5fc7b295abffab30daadc730/t/5fd6a2d0dca22152604c19ad/1607901906244/internal_bimanual_compression_of_the_uterus.pdf
- https://static1.squarespace.com/static/5fbce344be7cfc36344e8aaf/t/5fbcf480cc750a3b5a055283/1606218881115/harvest_intermediate_chinese_textbook.pdf
- https://uploads.strikinglycdn.com/files/55021f41-85a0-4563-bcf8-2a08c35fd40b/bofibofumolala.pdf
- https://static1.squarespace.com/static/5fc792d6717a0f60c4041ff2/t/5fc92018efad832ad786ea36/1607016474040/sparkle_drop_free_coin_game_8_ball_pool.pdf
- https://s3.amazonaws.com/zuguvoxoki/sharper_image_weather_station_user_manual.pdf
- https://s3.amazonaws.com/gujutavevive/podejujeze.pdf
- https://s3.amazonaws.com/mixanaz/printable_shirt_template_free.pdf
- https://s3.amazonaws.com/fapaga/character_and_characterization_animal_farm.pdf
- https://s3.amazonaws.com/xuzed/67233896026.pdf
- https://static1.squarespace.com/static/5fc58438403f5353fdb4dc20/t/5fce05225177ea328ce83695/1607337251521/36277368880.pdf
- https://uploads.strikinglycdn.com/files/d6ac7d2b-ab76-48b1-a184-9515104f14c5/52532859191.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000c9d0.bina36bf69904d6cc719dcbf7a378b564f66912dd4da348b509a402929c2ebe10bd |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xC9D0 | 5808 bytes |
font_01_sfnt_off0000dd79.bin66ab46510f8d6cad0d349031740e745723a72d6aa973922da561e837bc81399f |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xDD79 | 9820 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.