MALICIOUS
116
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The file is a PDF document flagged by ClamAV as a phishing trojan and by an ML classifier as malicious. Heuristics indicate it contains an external URI and a callback phishing lure, suggesting it aims to trick users into calling a fraudulent number. No scripts were extracted, but the presence of a malicious URL points to a phishing attempt.
Machine Learning
- Nyx PDF Classifier malicious score 0.9992
Heuristics 5
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
Callback phishing phone lure medium SE_CALLBACK_LUREDocument asks the user to call a phone number in billing, refund, subscription, fraud, or security context — consistent with callback phishing or tech-support scam patterns. Suppressed for legitimate-issuer (IRS/gov/official-form) documents that carry no urgency or charge/dispute escalation.
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://bologen.ru/strik?utm_term=pbe+engage+my+apk+download PDF link annotation
- http://www.ascendercorp.com/In PDF document text
- http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
- http://www.daltonmaag.com/In PDF document text
- https://uploads.strikinglycdn.com/files/8d69f609-8b69-4901-bde1-974ca0463d5c/78997343874.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/9bcd3983-6d1a-4ca6-9f50-239e2f33c625/waxoxutoxof.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/b06e2bdc-283f-4a01-a9a4-c270183d0094/recorder_karate_yellow_belt_song_gently_sleep.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/c0504897-4dbf-4565-9eda-c383317c507f/america_the_story_of_us_film_guide_episode_1_rebels_answer_key.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/7e5ec800-cfcd-4d0f-b92a-54f360e885b9/91056859030.pdfIn PDF document text
- https://s3.amazonaws.com/kelukakeb/fimowunofujex.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/320dd1ef-37c8-410e-adf5-38f40747611c/79575411848.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/9758a568-9d92-42da-9294-eee65562420b/gogatof.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/4f8a50ac-c78d-4aa5-afc2-fe13cc546831/metaphysics_aristotle_explained.pdfIn PDF document text
- https://s3.amazonaws.com/fodose/tax_invoice_spreadsheet_template.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/a7809040-5664-4e92-88ec-019970f42080/digital_photography_guide.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/a7a70aad-2c7d-4647-a7dc-079f84ffe199/self_confidence_worksheet.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/cfbf9e31-c4c0-429b-b11e-0ec9fc8866e5/interview_questions_with_answers_free_download.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/87b0dce0-825f-4fed-ac54-1fc47fe43ad0/how_do_you_send_bitcoin_on_cash_app.pdfIn PDF document text
- https://s3.amazonaws.com/fajetufekejo/what_is_the_mood_of_the_ministers_black_veil.pdfIn PDF document text
- https://s3.amazonaws.com/salosibejodod/chapter_2_animal_farm_questions_and_answers.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/083ad546-0d9f-4b1b-b13a-b5f62ed60da6/us_history_chapter_9_questions_quizlet.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/72f39691-c2dc-4529-9763-a684d4098455/dream_meaning_snake_laying_eggs.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/b69eaa50-1db9-4f50-b60d-974b1de37539/tomugewi.pdfIn PDF document text
- http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
- http://purl.org/dc/elements/1.1/In PDF document text
- http://ns.adobe.com/pdf/1.3/In PDF document text
- http://ns.adobe.com/xap/1.0/In PDF document text
- http://ns.adobe.com/xap/1.0/mm/In PDF document text
- http://ns.adobe.com/xap/1.0/rights/In PDF document text
- http://scripts.sil.org/OFLIn PDF document text
- http://dejavu.sourceforge.netIn PDF document text
- http://dejavu.sourceforge.net/wiki/index.php/LicenseIn PDF document text
Extracted artifacts 5
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000f908.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xF908 | 5740 bytes |
SHA-256: 523d52d19f6621f87cb7bf3c273671d4530a38eba2a24726440e9e455e52894d |
|||
font_01_sfnt_off00010cb7.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x10CB7 | 5064 bytes |
SHA-256: 6109a013ca4eed90aed6fa2e508e196970b937abcdf7d7186e821e07b41ec6d9 |
|||
font_02_sfnt_off00011de8.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x11DE8 | 11604 bytes |
SHA-256: a1820ace57db7542ba9b15b414911c37ece50daf8017093fafc45ca0cf543753 |
|||
font_03_sfnt_off0001459a.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x1459A | 16092 bytes |
SHA-256: 39b2f4b99ee08965fd4836f89f628a00cde8346cb181131bba0308e80db8fb67 |
|||
font_04_sfnt_off00015a61.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x15A61 | 4324 bytes |
SHA-256: 05d2457133b820fa77aa358e30e9acfbad3f04c46ced9a37296d9311117db176 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.