MALICIOUS
Risk Score: 184
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1203 Exploitation for Client Execution
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds a large number of external links characteristic of an SEO link farm. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.8252
Heuristics 5
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- Small PDF is a non-clustered link farm on disposable hosting (medium, PDF_SEO_DISPOSABLE_LINK_FARM): Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - https://mezovuduw.ru/award?keyword=grama+sachivalayam+syllabus+in+telugu+pdf (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off00011c51.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x11C51 | 5904 bytes | c5d6e921bde6f1af743043f58044f28e717a703cf82aa0d8f9ea280ce635e96c |
| font_01_sfnt_off0001304d.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1304D | 55356 bytes | e64607fb89a5ca29b53c09a4394b1cacd7282b58db429959a900e5ea6d8fdb9c |