MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file was detected as malicious by ClamAV and an ML classifier, indicating a high likelihood of malicious intent. The embedded URL points to a domain that appears to be involved in distributing malicious content, disguised as a job description. While no scripts were explicitly extracted, the PDF structure and the presence of external URIs suggest it's designed to redirect users to a potentially harmful site.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://traffset.ru/strik?utm_term=social+media+evaluator+jobs+description
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000cead.bin a86afe907293d920a4b8401421049f702ab8a5197d27a0c61c890aa4ba426b02 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xCEAD | 5596 bytes |
| font_01_sfnt_off0000e19f.bin 94df68350958ba2f308478ae4e5cdc726ec2fbe0533b43ae46ab62ad6247e93d | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE19F | 10848 bytes |