Verdict: MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier: malicious score 0.9998
Heuristics (4)
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - https://trafftec.ru/wb?keyword=camera%20raw%208.%206%20%20mac (PDF link annotation)
  - https://cdn-cms.f-static.net/uploads/4412606/normal_5f9cf61c3cb83.pdf (in PDF document text)
  - https://wabozejitikaz.weebly.com/uploads/1/3/4/4/134495441/3411806.pdf (in PDF document text)
  - http://www.ascendercorp.com/ (in PDF document text)
  - http://www.ascendercorp.com/typedesigners.html (in PDF document text)
  - https://static1.squarespace.com/static/5fc0dde4403f5353fd9590af/t/5fc3f7caf3de5e49b5df5408/1606678474922/rigubamokuj.pdf (in PDF document text)
  - https://s3.amazonaws.com/tikoweravisixu/temple_of_saturn_forum.pdf (in PDF document text)
  - https://static1.squarespace.com/static/5fc1c3d140f1034a5caf136a/t/5fc2baf7145a8629dc0a6732/1606597368060/the_book_thief_activities.pdf (in PDF document text)
  - https://s3.amazonaws.com/jivuxo/93559803945.pdf (in PDF document text)
  - https://uploads.strikinglycdn.com/files/90b60b6b-1d47-4dca-b69f-24f371e89ef3/el_arte_de_la_danza.pdf (in PDF document text)
  - https://uploads.strikinglycdn.com/files/b30c6755-cd68-40ce-a979-ec52ec52b0af/wasteland_warlord_perk.pdf (in PDF document text)
  - https://static1.squarespace.com/static/5fbce344be7cfc36344e8aaf/t/5fbd0cf96a371610b8797577/1606225167142/17421660408.pdf (in PDF document text)
  - https://static1.squarespace.com/static/5fbffbf92e34347c703edab4/t/5fc10dc43c6ccf69f3831e3b/1606487493097/rimelezupototup.pdf (in PDF document text)
  - https://s3.amazonaws.com/gumagabu/aero_performance_west_chicago.pdf (in PDF document text)
  - https://static1.squarespace.com/static/5fc0dc532e34347c7043ce2c/t/5fc102957acac6192ae4b8a9/1606484629857/jiluwem.pdf (in PDF document text)
  - https://uploads.strikinglycdn.com/files/183876a4-abd5-4676-9be1-1929b8bdb74f/buxakezupepibipurum.pdf (in PDF document text)
  - https://s3.amazonaws.com/bejexe/can_i_save_google_docs_offline.pdf (in PDF document text)
  - http://www.w3.org/1999/02/22-rdf-syntax-ns# (in PDF document text)
  - http://purl.org/dc/elements/1.1/ (in PDF document text)
  - http://ns.adobe.com/pdf/1.3/ (in PDF document text)
  - http://ns.adobe.com/xap/1.0/ (in PDF document text)
  - http://ns.adobe.com/xap/1.0/mm/ (in PDF document text)
  - http://ns.adobe.com/xap/1.0/rights/ (in PDF document text)
  - http://scripts.sil.org/OFL (in PDF document text)
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000cffb.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xCFFB | 5112 bytes | 2c2c44ba0734fc3d48da8dcddb245ed68727d64e309acd0af1f18d17fc11d007 |
| font_01_sfnt_off0000e15e.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE15E | 10704 bytes | 519fa334400a228c90f685f7a406a3d7f9195467c7a31a62273c07413c52c865 |