MALICIOUS
96
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://traffine.ru/strik?utm_term=playstation+5+best+buy+price PDF link annotation
- https://cdn-cms.f-static.net/uploads/4403946/normal_5fd694ed7fa94.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4494874/normal_5fba9e8e065fa.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4417526/normal_5fab3e3ab60b3.pdfIn PDF document text
- http://www.ascendercorp.com/In PDF document text
- http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
- https://s3.amazonaws.com/nilititonawafim/11199697964.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/a41d803a-db19-475e-898b-0008d3d03090/zevokinazijududonog.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/0b3f3294-9755-4ffa-a696-8a09439a1a0c/sharepoint_designer_2013_user_guide.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/13d7062f-4316-43c5-a6eb-95e5fe96e4e0/amana_hotel_air_conditioner_manual.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/a92a2204-63db-4dbb-aa57-c5149a97eb8f/bipovemojidazedi.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/7198e68f-e0d5-4be5-9a75-3d5f40842426/75121045269.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/082f6049-fc16-47fb-9e44-ec352c8835c7/xefemidofejilamomukalob.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/78765d58-a204-4586-826f-b75ac49b65e9/kipaxosujajeko.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/6560638d-c6a9-4adc-8aa7-c2cfd5b393bc/continente_americano_con_division_politica.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/399fa191-bc76-4d08-a3df-abf5a2f4bc83/usarec_manual_3-0.pdfIn PDF document text
- http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
- http://purl.org/dc/elements/1.1/In PDF document text
- http://ns.adobe.com/pdf/1.3/In PDF document text
- http://ns.adobe.com/xap/1.0/In PDF document text
- http://ns.adobe.com/xap/1.0/mm/In PDF document text
- http://ns.adobe.com/xap/1.0/rights/In PDF document text
- http://scripts.sil.org/OFLIn PDF document text
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000cc2b.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xCC2B | 5292 bytes |
SHA-256: 97ff4427b833559f492cf809a12fb2c1144a1fec5b1a39a7ed91813357898820 |
|||
font_01_sfnt_off0000de46.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xDE46 | 11088 bytes |
SHA-256: 4ba011cfc92a4c074c1cb1165e498ab9e4d394bca7f62f10416a575f76d54cb0 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.