MALICIOUS
184
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF is image-heavy and contains an invisible link to a suspicious domain, typical of phishing lures. The ClamAV detection and ML classifier strongly indicate malicious intent. The document body contains obfuscated text and metadata suggesting it's a lure for a malicious download or phishing site.
Machine Learning
- Nyx PDF Classifier malicious score 0.9369
Heuristics 6
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
Image-heavy PDF with invisible link to suspicious domain high PDF_SUSPICIOUS_LINK_LUREPDF is a small image-heavy lure with invisible link annotations that send the user to a suspicious high-risk-domain URI. This matches credential-phishing carriers where the visible document is only a prompt and the real collection flow happens on the linked website.
-
Image-only document with action trigger (screenshot lure) medium PDF_IMAGE_LUREPDF has 1 image(s), only 0 text block(s), carries a click-outward action, and is only 49 KB — typical shape of a phishing lure where a full-page screenshot hides a clickable button that launches or submits to an attacker URL.
-
Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARMSmall PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://crophysi.ru/aws?utm_term=video+player+free++for+pc+latest
- http://afracheat2.xyz/delosorozalakebeyvxu7.pdf
- http://raifaisentgo.online/edexcel_a_level_maths_pure_year_2_solutionsbjrw0.pdf
- http://mushygushysayings.com/69399400815qgn3g.pdf
- https://cdn.sqhk.co/dajebala/Bgejeib/musiwidefozelusata.pdf
- http://vostokzapad.su/srimad_devi_bhagavatam_telugu_free_downloadnrwz5.pdf
- http://presentinsta.online/whatsapp_status_images_in_punjabi48epe.pdf
- http://taher-tcac.com/pewdiepie_tuber_simulator_mod_apk_unlimited_allgrhtf.pdf
- http://autocredit.moscow/ti_dragon_city_hack_2020_apkggwc7.pdf
- https://cdn.sqhk.co/rapowipijes/7SUifgj/nubatafolabemilofi.pdf
- https://cdn.sqhk.co/xolilipedeko/hdjgGhf/crash_of_cars_hidden_cars_lounge.pdf
- http://securitycheckingbrowservkcom.xyz/78541491879ram83.pdf
- https://cdn.sqhk.co/dolubivo/gh2nhda/bewaledewuv.pdf
- http://gewuruso.epizy.com/technical_analysis_charting_software_free.pdf
- https://s3.amazonaws.com/wefemabeni/wuradumenojemabopat.pdf
- http://xivikinobuni.epizy.com/surgical_pathology_textbook.pdf
- http://jomajipikuxa.rf.gd/25805272116.pdf
- http://kalotiwinilobiw.epizy.com/latest_android_os_version_2018.pdf
- http://pekuvem.epizy.com/bukiropadutozamubosuto.pdf
- https://s3.amazonaws.com/remavuj/10751241218.pdf
- https://s3.amazonaws.com/nonabafat/fipusirin.pdf
Open this report in the interactive analyzer, or submit your own file for analysis.