MALICIOUS
Risk Score: 124
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF file was flagged as malicious by ML classifiers and by ClamAV, which identified it as a phishing trojan. It contains numerous embedded URLs, many of which point to disposable hosting and are structured as link farms, suggesting a distribution or phishing campaign. The PDF_SEO_DISPOSABLE_LINK_FARM heuristic supports this: it indicates a tactic of obscuring malicious intent behind a large number of low-reputation links.
Machine Learning
- Nyx PDF Classifier malicious score 0.8963
Heuristics (4)
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (severity: critical, rule: CLAMAV_DETECTION)
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- Small PDF is a non-clustered link farm on disposable hosting (severity: medium, rule: PDF_SEO_DISPOSABLE_LINK_FARM)
  Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
- External URI (severity: info, rule: PDF_URI)
  PDF contains an external URL action
- Embedded URL (severity: info, rule: EMBEDDED_URL)
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://coretry.ru/uplcv?utm_term=best+editing+apps+for+android+phones (PDF link annotation)