Verdict: MALICIOUS (Risk Score 96)
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The PDF was flagged as malicious by both the ML classifier and ClamAV; the ClamAV signature names it a phishing trojan. The document carries an external URL action (PDF_URI) whose target is on traffine.ru, which is likely used to redirect the reader to a phishing page or to deliver a second-stage payload. The utm_term in that URL (fine chromatic tuner for windows 10) matches the lure theme visible in the otherwise heavily obfuscated body: a search-result-style page for a software 'chromatic tuner'. Note that the heuristics listed below are a URI action plus an incremental-update object duplicate; no JavaScript finding fired, so the T1059.007 mapping is not corroborated by the evidence on this page.
Machine Learning
- Nyx PDF Classifier: malicious score 0.9998
Heuristics (4)
- ClamAV detection (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI (info, PDF_URI): the PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): the same indirect object (N G) is defined more than once with different body bytes. A first-wins reader and a last-wins reader will resolve different content, a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content (an action, script or launch dictionary).
- Embedded URL (info, EMBEDDED_URL): one or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. The last entries in the list below (the w3.org RDF, purl.org Dublin Core and ns.adobe.com XMP namespaces, and scripts.sil.org/OFL) are metadata namespace and font-licence URIs, not navigable lures.
- https://traffine.ru/strik?utm_term=fine+chromatic+tuner+for+windows+10
- https://cdn-cms.f-static.net/uploads/4403819/normal_5fd220ead1c2c.pdf
- https://cdn-cms.f-static.net/uploads/4365536/normal_5fd38f6902fcc.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://static1.squarespace.com/static/5fce19384e85dd6b2515b854/t/5fce76a6de3c0658535fea91/1607366310845/marketing_strategies_for_small_business_ppt.pdf
- https://static1.squarespace.com/static/5fc27a90c14dfd36fefb8bc0/t/5fc6642c18e72e5fdbb29c14/1606837294197/gegubujabipesuruxemeza.pdf
- https://static1.squarespace.com/static/5fdc9c5f0a190b16b315bd63/t/5fdcd941b53c414880d0cc2a/1608309057494/mifedalu.pdf
- https://static1.squarespace.com/static/5fc6d7d981fec009683e6755/t/5fcc0cfc1e1a4d7de1178c46/1607208188428/allo_allo_imdb.pdf
- https://uploads.strikinglycdn.com/files/c860e920-6818-4583-9485-67a6fa929627/faniparesurine.pdf
- https://uploads.strikinglycdn.com/files/57d6b409-107e-4eb6-baf7-0458b7636c0d/nadazigilidaburuja.pdf
- https://uploads.strikinglycdn.com/files/f7e87cd9-3bfb-41e5-a010-e8de7c3b8c06/nce_power_cab_reset.pdf
- https://s3.amazonaws.com/tikoweravisixu/reading_academic_module_practice_test_2_answers.pdf
- https://uploads.strikinglycdn.com/files/6abd2b42-019c-4f9a-a2ea-be5ac405710c/konijiwapo.pdf
- https://uploads.strikinglycdn.com/files/820e0260-4db2-461c-9482-9ebc7554a190/33559109048.pdf
- https://static1.squarespace.com/static/5fc27e990a2757459bed0688/t/5fc5879c4e98326c02ce5b38/1606780830898/how_big_is_a_football_field_in_square_feet.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
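As an added illustration of the PDF_URI and PDF_DUPLICATE_OBJ_BODY_INCREMENTAL findings above (example code written for this page, not the analyzer's own implementation), the scanner below walks the raw bytes of a PDF without trusting the xref table, collects every `N G obj ... endobj` definition, reports object numbers that are defined more than once with differing bodies, shows whether a first-wins and a last-wins reader would each land on active content, and raises severity only when some version of the duplicate carries an action or script key. The two sample PDFs are constructed inline; their hostnames (example.org, lure.invalid) are placeholders and not the domain from this report.

```python
"""Duplicate-object and URI-action scan over raw PDF bytes.

Added example for this page; not the analyzer's own code. The sample PDFs
at the bottom are constructed, and their hostnames are placeholders.
"""
import re
from collections import defaultdict

# Dictionary keys that turn an object into an action/script carrier. Substring
# matching is deliberately coarse: a triage scanner should over-report.
ACTIVE_KEYS = (b"/JS", b"/JavaScript", b"/URI", b"/Launch", b"/OpenAction",
               b"/AA", b"/SubmitForm", b"/GoToR", b"/EmbeddedFile")

# "N G obj ... endobj" anywhere in the file. The xref table is ignored on
# purpose: an incremental update appends a second definition, and a reader
# that follows the xref sees only one of them.
OBJ_RE = re.compile(rb"(?<![0-9])(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.DOTALL)
URI_RE = re.compile(rb"/URI\s*\(([^)]*)\)")


def find_objects(data: bytes):
    """All indirect object definitions as (num, gen, body, offset), in file order."""
    return [(int(m.group(1)), int(m.group(2)), m.group(3).strip(), m.start())
            for m in OBJ_RE.finditer(data)]


def find_duplicates(data: bytes):
    """(num, gen) -> [(offset, body), ...] for objects defined more than once
    with at least two distinct bodies (byte-identical repeats are ignored)."""
    defs = defaultdict(list)
    for num, gen, body, off in find_objects(data):
        defs[(num, gen)].append((off, body))
    return {k: v for k, v in defs.items()
            if len(v) > 1 and len({body for _, body in v}) > 1}


def is_active(body: bytes) -> bool:
    return any(key in body for key in ACTIVE_KEYS)


def extract_uris(data: bytes):
    """Every /URI action target in the file, whichever definition carries it."""
    return sorted({u.decode("latin-1") for u in URI_RE.findall(data)})


def assess(data: bytes):
    """One finding per conflicting object number. first_wins/last_wins say
    whether each reader strategy resolves active content; severity is raised
    only when some version of the object carries an action or script key."""
    findings = []
    for (num, gen), versions in sorted(find_duplicates(data).items()):
        bodies = [body for _, body in versions]
        findings.append({
            "obj": f"{num} {gen}",
            "definitions": len(versions),
            "first_wins_active": is_active(bodies[0]),
            "last_wins_active": is_active(bodies[-1]),
            "severity": "suspicious" if any(map(is_active, bodies)) else "info",
            "uris": sorted({u.decode("latin-1")
                            for b in bodies for u in URI_RE.findall(b)}),
        })
    return findings


# Constructed sample: a one-page PDF whose link annotation (object 4) points at
# a harmless URL. xref sections are omitted and startxref is a placeholder;
# the scanner never reads them.
BASE = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R /Annots [4 0 R] >> endobj\n"
    b"4 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 100 20]"
    b" /A << /S /URI /URI (https://example.org/benign) >> >> endobj\n"
    b"trailer << /Root 1 0 R /Size 5 >>\nstartxref\n0\n%%EOF\n"
)
# Incremental update that redefines object 4 (same number and generation)
# with a different link target: first-wins and last-wins readers disagree.
SWAPPED_LINK = BASE + (
    b"4 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 100 20]"
    b" /A << /S /URI /URI (https://lure.invalid/redirect) >> >> endobj\n"
    b"trailer << /Root 1 0 R /Size 5 /Prev 0 >>\nstartxref\n0\n%%EOF\n"
)
# Benign incremental update: the page object gains /Rotate, no action involved.
ROTATED_PAGE = BASE + (
    b"3 0 obj << /Type /Page /Parent 2 0 R /Annots [4 0 R] /Rotate 90 >> endobj\n"
    b"trailer << /Root 1 0 R /Size 5 /Prev 0 >>\nstartxref\n0\n%%EOF\n"
)

if __name__ == "__main__":
    for name, sample in (("swapped link", SWAPPED_LINK), ("rotated page", ROTATED_PAGE)):
        print(name, extract_uris(sample))
        for finding in assess(sample):
            print("  ", finding)
```

Run against the swapped-link sample, `assess` reports object `4 0` defined twice with both versions active (severity `suspicious`) and lists both targets, which is the pattern the PDF_DUPLICATE_OBJ_BODY_INCREMENTAL heuristic escalates on; the rotated-page sample yields the same duplicate shape but severity `info`, matching the heuristic's note that body-only differences without active content are routine in incremental updates. A production scanner would also decode object streams and xref streams, which this byte-level walk does not see.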
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | SHA-256 | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off0000c6fe.bin | 7e2d3cd8e04394c016ed7571786f3743ccd04cdef12d1da10faf449f4031493f | pdf-font-stream | PDF embedded font (sfnt) at offset 0xC6FE | 5468 bytes |
| font_01_sfnt_off0000d983.bin | 5e74f999f9f48c70cf0beaa1f0cf5377896c96415384c02912fcc0940b10f5b5 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xD983 | 10876 bytes |