SUSPICIOUS
Risk Score: 36
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF document was flagged as suspicious by an ML classifier. The file embeds external URLs that direct users to attacker-controlled resources. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 1.0000
Heuristics (3)
- External URI (info, PDF_URI): PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - URL https://traffine.ru/aws?keyword=transferring+google+photos+to+pc (PDF link annotation)
Extracted artifacts (3)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off000084d9.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x84D9 | 5012 bytes | 435aaae5556f5602bbe4297ed78a330f774523b785341dcda7000eb51a600b3f |
| font_01_sfnt_off000095d5.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x95D5 | 10512 bytes | 6bb2698b01e108aaf591c493d1e8a6016ab8d57524aa0566c6ed4446cbb9ad6d |
| font_02_sfnt_off0000b9cc.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xB9CC | 4324 bytes | d1f4a20f0e35a0564be54678b929bb8c711862c507f070c2b9a6abea8daf4378 |