Verdict: MALICIOUS
Risk Score: 96

Malware Insights

MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The file is a PDF document that contains an embedded URI pointing to a suspicious domain. The ML classifier and ClamAV detection strongly indicate malicious intent. The document body, though heavily obfuscated, appears to be related to product search terms, suggesting a lure for phishing or malware delivery. No scripts were extracted, but the presence of an external URI is a primary indicator of malicious activity.
Machine Learning
- Nyx PDF Classifier malicious score: 0.9998
Heuristics (4)
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted URLs
- https://baarspo.ru/strik?utm_term=casio+w-201+strap (PDF link annotation)
- https://cdn-cms.f-static.net/uploads/4476567/normal_603437c442688.pdf (in PDF document text)
- https://cdn-cms.f-static.net/uploads/4446273/normal_60520dcb19a8b.pdf (in PDF document text)
- https://cdn-cms.f-static.net/uploads/4413346/normal_605d7a0e76ce5.pdf (in PDF document text)
- http://www.ascendercorp.com/ (in PDF document text)
- http://www.ascendercorp.com/typedesigners.html (in PDF document text)
- https://uploads.strikinglycdn.com/files/81fc3396-925c-4c8c-b4d4-ba5bf11eb8ae/campo_laboral_de_la_psicologia_clinica.pdf (in PDF document text)
- https://uploads.strikinglycdn.com/files/18ff21f2-4dd7-4b0f-b3f2-468da1dbe416/skyrim_multiplayer_mod_xbox_one_release_date.pdf (in PDF document text)
- https://3557a179-a1ee-4801-a209-85ad6f504536.filesusr.com/ugd/9c409a_e133478fb0294f57bab437cdde9bf6c8.pdf?index=true (in PDF document text)
- https://s3.amazonaws.com/toguvaju/77180131829.pdf (in PDF document text)
- https://d5fd0048-bb8d-45a1-ba21-28d1cb0b7162.filesusr.com/ugd/5e8de6_8ee3be4353bd487f9b86d42e9739401f.pdf?index=true (in PDF document text)
- https://fab88ded-2f12-46c9-b6ec-f290036286cc.filesusr.com/ugd/cce69c_863e46c639d7491abc2f148b4f698d8d.pdf?index=true (in PDF document text)
- https://uploads.strikinglycdn.com/files/0475d0a0-5206-46e4-9039-433b392f8b2e/whirlpool_wher25_parts.pdf (in PDF document text)
- https://caf0f927-206f-4b4e-aa34-0dd3da53679b.filesusr.com/ugd/83d902_34e3dd7008ef4ed89756b64bb53189c9.pdf?index=true (in PDF document text)
- https://s3.amazonaws.com/bulolimepol/sharp_32_inch_hd_roku_tv_review.pdf (in PDF document text)
- https://uploads.strikinglycdn.com/files/45c83f5e-ac1c-49c5-89c2-0372466bdf0b/runaway_alice_munro_quotes.pdf (in PDF document text)
- https://uploads.strikinglycdn.com/files/fda0f93f-9dd6-4bb3-b7b9-ff6850a71316/98913742539.pdf (in PDF document text)
- https://s3.amazonaws.com/kagedatabujo/blacklist_software_for_mobile.pdf (in PDF document text)
- https://s3.amazonaws.com/mexijegedakol/2018_ferrari_california_0-60.pdf (in PDF document text)
- https://uploads.strikinglycdn.com/files/c2f7a17e-0311-4aa8-8a4e-babb08958ae3/51840194288.pdf (in PDF document text)
- https://uploads.strikinglycdn.com/files/60e91142-683b-4a9e-89fb-559bfd0a8d4d/operating_life_cycle_costing_ppt.pdf (in PDF document text)
- http://www.w3.org/1999/02/22-rdf-syntax-ns# (in PDF document text)
- http://purl.org/dc/elements/1.1/ (in PDF document text)
- http://ns.adobe.com/pdf/1.3/ (in PDF document text)
- http://ns.adobe.com/xap/1.0/ (in PDF document text)
- http://ns.adobe.com/xap/1.0/mm/ (in PDF document text)
- http://ns.adobe.com/xap/1.0/rights/ (in PDF document text)
- https://savannah.gnu.org/projects/freefont/ (in PDF document text)
- http://www.gnu.org/licenses/ (in PDF document text)
- http://www.gnu.org/copyleft/gpl.html (in PDF document text)
- http://scripts.sil.org/OFL (in PDF document text)
Extracted artifacts (3)
Files carved from inside the sample during analysis.

| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000c923.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xC923 | 6548 bytes | 370b63e99b3bc2c1d8b7a2bfc1693e0257dccade0e64e814f912f9e1c3af29e8 |
| font_01_sfnt_off0000d979.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xD979 | 5136 bytes | 57e2d7ede46347f9f523c5bd1340955879e51b60aa905344d9b1a415e8467613 |
| font_02_sfnt_off0000eb19.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xEB19 | 10908 bytes | 38e06e0093db9ad802b6ba78e5fadba2b1ce4f13037f7038501abb50e8c21d40 |