MALICIOUS
Risk Score: 124
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1204.002 Malicious Link
The PDF contains numerous embedded URLs, with a significant portion hosted on disposable domains and employing UTM parameters, indicating a link farm or phishing lure. Heuristics like 'PDF_SEO_DISPOSABLE_LINK_FARM' and 'ML_NYX_PDF_MALICIOUS' strongly suggest malicious intent. ClamAV detection further confirms this, identifying the file as a phishing trojan.
Machine Learning
- Nyx PDF Classifier malicious score 0.8429
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION). ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- Small PDF is a non-clustered link farm on disposable hosting (medium, PDF_SEO_DISPOSABLE_LINK_FARM). Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
- External URI (info, PDF_URI). PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL). One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000e2fa.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE2FA | 5212 bytes |

SHA-256: e5ba3ea8ae1ada415bb60538a7ee7a4938f75c6a1eb3265e37d8ab019a7a0d17