MALICIOUS
Risk Score: 154
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF contains a critical heuristic firing for a malicious redirector link, pointing to 'https://crophysi.ru/strik?utm_term=john+deere+250+skid+steer+manual+pdf'. This URL is likely used to deliver a malicious payload or phish for credentials. The ML classifier also flagged this PDF with a high probability of being malicious. No scripts were extracted, but the embedded URL is the primary indicator of malicious intent.
Machine Learning
- Nyx PDF Classifier malicious score 0.9992
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 [critical] CLAMAV_DETECTION: ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- PDF links to known malicious redirector infrastructure [critical] PDF_MALICIOUS_REDIRECTOR_LINK: PDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
- Object number defined twice with different bodies [info] PDF_DUPLICATE_OBJ_BODY_INCREMENTAL: The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL [info] EMBEDDED_URL: One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
- URL: https://crophysi.ru/strik?utm_term=john+deere+250+skid+steer+manual+pdf (in PDF document text)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000f6b0.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF6B0 | 5732 bytes | a59cecf27eeada3dc7f4d2d769bed991aa54b466c20628a681f13f07c3b12512 |
| font_01_sfnt_off00010a01.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10A01 | 9988 bytes | d303ee8e85c56ea16c90eaade07c86ea6ecac27169f1a3b1636c68c7a8e4b544 |