MALICIOUS
96
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file was detected as malicious by ML classifiers and ClamAV, indicating a high likelihood of malicious intent. An embedded URI points to a suspicious domain, suggesting it's used to host malicious content or redirect users. The document body, though partially garbled, contains text that mimics a book chapter, serving as a lure.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://trafficel.ru/strik?utm_term=the+enjoyment+of+theatre+9th+edition+chapter+1 PDF link annotation
- https://cdn-cms.f-static.net/uploads/4475212/normal_5fa8c14022fff.pdfIn PDF document text
- http://www.ascendercorp.com/In PDF document text
- http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
- https://s3.amazonaws.com/dutuzanob/five_guys_application.pdfIn PDF document text
- https://s3.amazonaws.com/geradi/xavewagu.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/ec70cad0-72a3-4bcc-a931-978ef9a777b5/accurate_reloading_manual_download.pdfIn PDF document text
- https://s3.amazonaws.com/pubopelej/vuzemojup.pdfIn PDF document text
- https://s3.amazonaws.com/webipejonavuv/mekosoka.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/ef74ee33-89b2-49a4-b11c-8f1db8b24d5d/gizmo_worksheet_answer_key.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/aa9ab813-84b2-430d-9aee-934e317c0a92/21011732933.pdfIn PDF document text
- https://s3.amazonaws.com/vidadaviwal/29590127541.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/6ad79848-7628-4dac-b3c6-8c67bae9c721/green_springs_elementary_school_calendar.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/2fa3b805-66da-4a4e-9bbb-72e2809afbda/faradowumowasodeguradu.pdfIn PDF document text
- https://s3.amazonaws.com/xajowu/2013_mustang_floor_mats_with_logo.pdfIn PDF document text
- https://s3.amazonaws.com/derefe/78664248326.pdfIn PDF document text
- http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
- http://purl.org/dc/elements/1.1/In PDF document text
- http://ns.adobe.com/pdf/1.3/In PDF document text
- http://ns.adobe.com/xap/1.0/In PDF document text
- http://ns.adobe.com/xap/1.0/mm/In PDF document text
- http://ns.adobe.com/xap/1.0/rights/In PDF document text
- http://scripts.sil.org/OFLIn PDF document text
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000cf66.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xCF66 | 5520 bytes |
SHA-256: 793297c52809ab602eb1e4e025e99c82c4bd9923754eebd72e2c8ab506c0773c |
|||
font_01_sfnt_off0000e216.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xE216 | 10960 bytes |
SHA-256: 525cfe0ed98c53c4e150ed1d3d6534c54389f01c9d557111a288ab6e334bf845 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.