MALICIOUS
Risk Score: 96
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9997
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 | critical | CLAMAV_DETECTION
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI | info | PDF_URI
  PDF contains an external URL action
- Object number defined twice with different bodies | info | PDF_DUPLICATE_OBJ_BODY_INCREMENTAL
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL | info | EMBEDDED_URL
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000ce48.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xCE48 | 5304 bytes | 2d9a1e135fffd50da15c92640f01cdb2dd39a5143e111f550ce7787708a26389 |
| font_01_sfnt_off0000e050.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE050 | 10744 bytes | fdc8c8df35af9f125d5230eb2aaef6eb77fd66ab3e7babf49d64bcbae8d0e1f6 |