Verdict: MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9991
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL https://xajibur.ru/123?utm_term=canada+passport+application+renewal+form (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000de9d.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xDE9D | 5296 bytes | 8c1dbe83d3e877bc508781bfe99cb42a5a360582586cad10217d2800d958a17f |
| font_01_sfnt_off0000f09e.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF09E | 10744 bytes | 2aa2650da711e0452bfa69b45ee9aec9b4e8f08d18054a0781589a17fde79092 |