MALICIOUS
104
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1203 Exploitation for Client Execution
The PDF file was flagged by a machine learning classifier and ClamAV as malicious, specifically identified as a phishing trojan. It contains an embedded URL that likely serves as a lure for downloading a malicious application, indicated by the presence of a 'download button' heuristic. The document's content, though partially garbled, suggests a lure related to 'smashy road mod apk'.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 5
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://traffnew.ru/strik?utm_term=smashy+road+mod+apk
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://uploads.strikinglycdn.com/files/47f90058-c5c5-4261-86b7-2aca919b7270/nelowamafukirefirezawusag.pdf
- https://uploads.strikinglycdn.com/files/b0948a03-bcec-48f8-b61d-2f1e552b91fe/zupisureropepa.pdf
- https://uploads.strikinglycdn.com/files/7df9c7c9-96ab-403d-aedc-50994a0a4803/39936753221.pdf
- https://s3.amazonaws.com/zijivevip/edible_printed_icing_sheets_near_me.pdf
- https://uploads.strikinglycdn.com/files/348064d7-75a1-44cc-879c-07b7c6a5f257/who_is_max_s_mom_disney.pdf
- https://uploads.strikinglycdn.com/files/828872a5-9f5a-4e35-9dcf-f0418aa59ced/tobiluvegusumajale.pdf
- https://s3.amazonaws.com/xebuvuwov/super_god_gene_thai.pdf
- https://uploads.strikinglycdn.com/files/6f89109d-8e9a-4d57-b134-3e0b268b0d8f/sikowomoritoxenekani.pdf
- https://uploads.strikinglycdn.com/files/00cf8ffb-611d-45a9-b198-eb31ec4ca1d1/lenobotalukituroterus.pdf
- https://uploads.strikinglycdn.com/files/c9e96a8d-c02b-45c5-9e93-6081be9e65aa/tenosipujezegivoti.pdf
- https://uploads.strikinglycdn.com/files/79e41156-c67d-4172-aef6-b90280e0c63d/36188224870.pdf
- https://uploads.strikinglycdn.com/files/dc278a26-fdda-4532-b23b-194792f50d45/11196624653.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000c406.bin0f77ab19ca589a40e3b0b51147647314b3e95087a304bac82037d8906ef50384 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xC406 | 5436 bytes |
font_01_sfnt_off0000d65a.binaa6e51e654300acb1e7172c2af5b534ae6438c4a31a515e1bc773bf5bddfbafd |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xD65A | 10360 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.