Verdict: MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier: malicious score 0.9538
Heuristics (4)
- ClamAV detection (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts (4)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0003fda3.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x3FDA3 | 5084 bytes | ded737b363b7b511bf2fa0b55638543813cf631966a5779e66e088da6b77f29c |
| font_01_sfnt_off00040efe.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x40EFE | 12288 bytes | 28df10f12334c824c44c2665e637442bde1c154cefb74decfd8faaa97cfeef26 |
| font_02_sfnt_off000438ed.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x438ED | 16204 bytes | 541fa2b6826b0add99b7d5a173ef1e6a5567607b5192f75b810eb17d6a563501 |
| font_03_sfnt_off00044e1b.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x44E1B | 4324 bytes | 1062cd8ddf90f4344fa193b395386d5669df1a952e5759311ca261a71931f361 |