MALICIOUS
Risk Score: 124
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF file contains numerous embedded links, many pointing to disposable hosting services, and one specifically to 'pistant.ru' with a suspicious query parameter. Heuristics indicate this is a link farm designed to redirect users, and ClamAV detection confirms it as a phishing trojan. The document body, though heavily obfuscated, contains metadata suggesting it was generated by wkhtmltopdf, a tool sometimes used to create malicious PDFs.
Machine Learning
- Nyx PDF Classifier malicious score 0.6078
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- Small PDF is a non-clustered link farm on disposable hosting (medium, PDF_SEO_DISPOSABLE_LINK_FARM): Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit; the risk is the linked destinations.
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://pistant.ru/pbw?utm_term=what+is+islam+view+of+salvation (PDF link annotation)