MALICIOUS
96
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file was flagged as malicious by ML classifiers and ClamAV, indicating a high likelihood of malicious intent. The embedded URL points to a suspicious domain, suggesting a phishing or malware distribution attempt. Although no scripts were explicitly extracted, the PDF structure and the presence of external URIs are consistent with a phishing lure designed to redirect users to a malicious site.
Machine Learning
- Nyx PDF Classifier malicious score 0.9997
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://trafffe.ru/aws?utm_term=gout+foods+to+avoid+list+pdf PDF link annotation
- https://cdn-cms.f-static.net/uploads/4368497/normal_5f9fff626dad9.pdfIn PDF document text
- https://static.s123-cdn-static.com/uploads/4449000/normal_5fc57751a0d61.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4443809/normal_5f9de3478cb74.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4389601/normal_5f912193e440b.pdfIn PDF document text
- http://www.ascendercorp.com/In PDF document text
- http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
- https://uploads.strikinglycdn.com/files/e4752ad9-529d-4cbc-a523-f9a342b5d6bf/mesuv.pdfIn PDF document text
- https://s3.amazonaws.com/jolunenafobuw/rinoduvavokuxoxu.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/7e92b388-5b3f-4712-8a56-6874c55fef30/zobinuzujuvorojila.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/3002b560-3bf4-4333-8d3b-248bc6b18d20/95777283894.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/e29363a6-104b-41c2-b8f5-6cd22bb8b99b/tivepenigomazilunifa.pdfIn PDF document text
- https://s3.amazonaws.com/domegagowevag/aghori_shambhu_dj_remix_song.pdfIn PDF document text
- https://static1.squarespace.com/static/5fc0d33427a199023ab4f616/t/5fc1951ee6d49a06bbce95a7/1606522143462/green_light_ny_senate.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/d40e13e5-95bb-44d9-9a71-e808375a82cc/21653959322.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/53cc22b0-6377-42fa-aa26-c3541815bf0b/44283180208.pdfIn PDF document text
- http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
- http://purl.org/dc/elements/1.1/In PDF document text
- http://ns.adobe.com/pdf/1.3/In PDF document text
- http://ns.adobe.com/xap/1.0/In PDF document text
- http://ns.adobe.com/xap/1.0/mm/In PDF document text
- http://ns.adobe.com/xap/1.0/rights/In PDF document text
- http://scripts.sil.org/OFLIn PDF document text
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000dd39.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xDD39 | 5028 bytes |
SHA-256: 8899daad1ddf691c07a9debc26a25b3edf9d4cd2d1f9718ae0fc091d9b274936 |
|||
font_01_sfnt_off0000ee7a.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xEE7A | 10704 bytes |
SHA-256: 579953eea6cda605d9d0dc31a8a1bd5a35c77af4f9805d6b2e939c704e1f6697 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.