MALICIOUS
Risk Score: 136
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
T1203 Exploitation for Client Execution
T1553.005 Security Software Installation
This PDF file was detected as malicious by ClamAV and a machine learning classifier. It contains an embedded URL that directs users to download an application, and a heuristic indicates it instructs the user to disable security software. The presence of these elements suggests a phishing attempt to lure users into downloading potentially harmful software.
Machine Learning
- Nyx PDF Classifier malicious score 0.9964
Heuristics 5
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- Security software disable instruction (high, SE_SECURITY_BYPASS): Document instructs the user to disable antivirus or security software, unusual for ordinary documents and high-risk in an unsolicited file
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://dugedepap.ru/123?utm_term=aa+mirror+apk++for+android (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000fc5a.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFC5A | 5028 bytes | ea1a1d554adca62e4cf9903c9864f18d673f89a17210f125c9f71a979344bf92 |
| font_01_sfnt_off00010d68.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10D68 | 11176 bytes | 17a674165e21e3f47f2fdd83016d80d8cb75dfafbab366d8f217779b85324193 |