MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics (4)
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (severity: critical, CLAMAV_DETECTION). ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (severity: info, PDF_URI). PDF contains an external URL action.
- Object number defined twice with different bodies (severity: info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL). The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (severity: info, EMBEDDED_URL). One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://chcial.ru/pbw?utm_term=best+liquid+diet+for+ulcerative+colitis (PDF link annotation)
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000d7bc.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xD7BC | 5248 bytes |
| SHA-256: 8af67760b5c56e6b5abd2b7dada29ef45c62d51a5df28abc96813c75f018138e | | | |
| font_01_sfnt_off0000e9ac.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE9AC | 10684 bytes |
| SHA-256: 157dd8be50e72690c889d7432eec1c3f2dbbabc7eca62aa42d0fef2585d28038 | | | |