MALICIOUS
96
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The file is a PDF document that contains an embedded URL pointing to a suspicious domain, identified by ClamAV as a phishing trojan. The ML classifier also strongly indicated maliciousness. The document body, though heavily obfuscated, appears to be a lure related to professional references, suggesting a phishing attempt.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://traffine.ru/aws?utm_term=professional+references+template+pdf
- https://cdn-cms.f-static.net/uploads/4374847/normal_5fbbccc970695.pdf
- https://cdn-cms.f-static.net/uploads/4369793/normal_5f97c27a47d10.pdf
- https://cdn-cms.f-static.net/uploads/4458631/normal_5fa7ff2f22075.pdf
- https://cdn-cms.f-static.net/uploads/4377120/normal_5f9266a4f1b09.pdf
- https://cdn-cms.f-static.net/uploads/4410190/normal_5fbe8a433d488.pdf
- https://cdn-cms.f-static.net/uploads/4408701/normal_5f992e61be0ba.pdf
- https://cdn-cms.f-static.net/uploads/4386622/normal_5f8e2ac2c79dc.pdf
- https://cdn-cms.f-static.net/uploads/4378390/normal_5f8e61af9ced7.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://uploads.strikinglycdn.com/files/af257b0f-6280-4301-8fda-8072d5512566/liner.pdf
- https://s3.amazonaws.com/piwupevivotixi/vafojod.pdf
- https://uploads.strikinglycdn.com/files/71b4fb52-504f-4cb6-9692-021f7b4f0d70/2561904178.pdf
- https://uploads.strikinglycdn.com/files/c97310e5-48df-413e-9d45-5dcc0bab262a/26310732876.pdf
- https://uploads.strikinglycdn.com/files/fae19e9a-e195-4abb-980b-0328b735ce3e/71979724292.pdf
- https://uploads.strikinglycdn.com/files/15b402ca-89bc-4388-9e7c-86ab2595998d/yamaha_thr10_patches.pdf
- https://s3.amazonaws.com/zirojopemup/congenital_heart_disease_download.pdf
- https://uploads.strikinglycdn.com/files/f9c92b32-42b5-4d38-8637-73c8eb427f5f/chinese_new_year_clothes_for_boy.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000eb7e.bina2e3be737698bd0293cab313a3def4d0d87a5f1b898e223dc074a3ce33df8032 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xEB7E | 5300 bytes |
font_01_sfnt_off0000fd6f.bin49e6781ad8ba1bceb7532878966e347287afa189e00ba957ed57fc5cc17b4357 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xFD6F | 10164 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.