Verdict: MALICIOUS
Risk Score: 194
Machine Learning
- Nyx PDF Classifier malicious score 0.9650
Heuristics 7
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (severity: critical, rule: CLAMAV_DETECTION). ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Brand-impersonation credential phishing lure (severity: critical, rule: SE_BRAND_CREDENTIAL_PHISH). Document impersonates a well-known consumer brand and uses account-security / verification language ('unusual activity', 'account on hold', 'verify your account') to steer the reader to a credential-harvesting link. Corroborated by: action link to abused redirector https://xokivakevaliguw.weebly.com/uploads/1/4/1/3/141355228/8093517.pdf.
- Small PDF is a non-clustered link farm on disposable hosting (severity: medium, rule: PDF_SEO_DISPOSABLE_LINK_FARM). Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
- Embedded JS stream (severity: low, rule: PDF_JS). PDF references a /JS stream. Generic JavaScript is common in benign forms; specific dangerous APIs are scored by separate rules.
- External URI (severity: info, rule: PDF_URI). PDF contains an external URL action
- Object number defined twice with different bodies (severity: info, rule: PDF_DUPLICATE_OBJ_BODY_INCREMENTAL). The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (severity: info, rule: EMBEDDED_URL). One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL (PDF link annotation): https://ragaz.co.za/YmrXLWy8?keyword=adding%20and%20subtracting%20money%20using%20graphing%20grid%20worksheets%20answers%20answer
Extracted artifacts 4
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off00010425.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10425 | 16336 bytes | adf38969d40f501586e0caf93d33991e243baeeecfe575c4831cdbf64b7044fa |
| font_01_sfnt_off00011a27.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x11A27 | 16792 bytes | 9d2294e344127da9ddc2b77d68b1576b6b78373885bc9da2859f180a98f2c1e1 |
| font_02_sfnt_off0001323e.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1323E | 11428 bytes | b83ceda142c618fe640fa1f5eb75851c7062ecdd983e51b96f50c298546d2813 |
| font_03_sfnt_off00014cc6.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x14CC6 | 18820 bytes | 33adc533c1cbc8f661208f18229438a9e56be00aed2a94b55b21863b0f34c92a |