Verdict: MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9992
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (severity: critical, rule: CLAMAV_DETECTION). ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI (severity: info, rule: PDF_URI). PDF contains an external URL action.
- Object number defined twice with different bodies (severity: info, rule: PDF_DUPLICATE_OBJ_BODY_INCREMENTAL). The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (severity: info, rule: EMBEDDED_URL). One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - URL: https://baarspo.ru/wix?keyword=deanna+richards+decker+nilsson+sixx (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off00014fed.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x14FED | 5156 bytes | a8c6b61dc94c85736fc3f6ae444a42bf0d496f37d48caf022bd5f16ecb66a660 |
| font_01_sfnt_off00016172.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x16172 | 11692 bytes | 60fbeb5038c7b51ef73a2a69fc865fae4f5a82fe12e682902874501c0fca2de6 |