MALICIOUS
154
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF contains a link to a known malicious redirector, indicating an attempt to phish or deliver malware. The ML classifier and ClamAV detection strongly support a malicious classification. Although no scripts were extracted, the presence of a malicious URL within the document body suggests a phishing or redirection attack.
Machine Learning
- Nyx PDF Classifier malicious score 0.9995
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://cctraff.ru/strik?utm_term=how+to+date+a+magical+girl In PDF document text
- http://www.ascendercorp.com/In PDF document text
- http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
- https://s3.amazonaws.com/bisazabe/bksblive_test_answers.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/89f40923-0ee3-4d38-af87-ede105566a29/67904145121.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/37b474f9-2db4-4769-a106-e8ab4dca58a1/87590321301.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/84ee7c0e-f9d9-4846-9fbc-7e6bde5eaea5/vukasedirarib.pdfIn PDF document text
- https://s3.amazonaws.com/debamijizozexo/lomalotazosovofo.pdfIn PDF document text
- https://static1.squarespace.com/static/5fc0e93ce5c7695ca99badce/t/5fcf6dae14319a51dc31ef86/1607429551910/helicopter_2k20_park.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/d6e1a4a1-4411-4283-9624-f4227c872e09/the_new_business_road_test_5th_edition.pdfIn PDF document text
- https://static1.squarespace.com/static/5fc0e1846b97992eb55bfc03/t/5fc3525e7acac6192a2ac3af/1606636126717/can_mobs_spawn_on_glass.pdfIn PDF document text
- https://s3.amazonaws.com/laradusa/9231305288.pdfIn PDF document text
- https://s3.amazonaws.com/tawosutosuxi/49063609599.pdfIn PDF document text
- http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
- http://purl.org/dc/elements/1.1/In PDF document text
- http://ns.adobe.com/pdf/1.3/In PDF document text
- http://ns.adobe.com/xap/1.0/In PDF document text
- http://ns.adobe.com/xap/1.0/mm/In PDF document text
- http://ns.adobe.com/xap/1.0/rights/In PDF document text
- http://scripts.sil.org/OFLIn PDF document text
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000de70.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xDE70 | 5136 bytes |
SHA-256: e75bac369d57b643c161b798d3996e36d41beea7e723fe137e1c5cf5916cef1c |
|||
font_01_sfnt_off0000efe0.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xEFE0 | 10764 bytes |
SHA-256: 76ab745e014362d0bca2c346684c89a4984b4a497e2f23b64f180a5c3162a220 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.