Verdict: MALICIOUS (Risk Score 156)
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file contains a large number of external links, many of which are generated to appear as SEO-friendly content, indicating a link farm or phishing attempt. The ClamAV detection and ML classifier strongly suggest malicious intent, specifically identified as a phishing trojan. The embedded URLs are likely used to redirect users to malicious sites or download further payloads.
Machine Learning
- Nyx PDF Classifier malicious score 0.9973
Heuristics (5)
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted URLs (channel in parentheses):
- https://xajibur.ru/award?keyword=cardiovascular+system+pdf+anatomy (PDF link annotation)
- http://nonowun.mywebcommunity.org/tosam.pdf (in PDF document text)
- http://sabovibin.medianewsonline.com/aadhaar_download_in_format.pdf (in PDF document text)
- http://puvepum.getenjoyment.net/how_to_learn_web_development_on_your_own.pdf (in PDF document text)
- http://www.ascendercorp.com/ (in PDF document text)
- http://www.ascendercorp.com/typedesigners.html (in PDF document text)
- http://fedorahosted.org/lohit (in PDF document text)
- https://aabf49e0-5477-4fd2-8456-a986ef8f2a87.filesusr.com/ugd/9e14ca_b307c3e7348b4ccc8cb493694139fdc6.pdf?index=true (in PDF document text)
- https://s3.amazonaws.com/tetofamuxulil/vidugak.pdf (in PDF document text)
- https://uploads.strikinglycdn.com/files/88d92062-db61-412a-9e74-5a01ec66773a/how_to_learn_woodworking_skills.pdf (in PDF document text)
- http://bajupigirosinaf.atwebpages.com/tc_helicon_voicelive_2_firmware_update.pdf (in PDF document text)
- https://3d7c42e8-cad9-4196-8f3c-0f210fd97588.filesusr.com/ugd/1b7c00_f9b5f9b5e1814e4f95f9e9441f36d62b.pdf?index=true (in PDF document text)
- https://uploads.strikinglycdn.com/files/7baf6491-4e27-4dc4-9e85-cbed64824668/how_to_reset_a_galaxy_tablet_to_factory_settings.pdf (in PDF document text)
- https://02bc4616-4eae-4b38-b2c9-0e654f754ee0.filesusr.com/ugd/069df5_13638e6ca64d45ffa0ec6710f1c4f8dd.pdf?index=true (in PDF document text)
- https://de315c38-daa2-4293-b666-e554ba9b7d65.filesusr.com/ugd/564d2e_e9df9518c46e4a2287efd557a1c2fd90.pdf?index=true (in PDF document text)
- https://s3.amazonaws.com/vapelurowar/tekoduvinasubexe.pdf (in PDF document text)
- https://uploads.strikinglycdn.com/files/cb41feb0-1552-4a09-806f-c5486eff74d1/percy_jackson_disney_plus_auditions.pdf (in PDF document text)
- https://s3.amazonaws.com/fevobelijogal/marketing_general_knowledge_questions_answers.pdf (in PDF document text)
- http://negumigimewote.onlinewebshop.net/troy_bilt_junior_tiller_parts.pdf (in PDF document text)
- https://uploads.strikinglycdn.com/files/a37f5152-09a2-4974-aee5-b1127495322c/georgia_driver_license_renewal_checklist.pdf (in PDF document text)
- https://s3.amazonaws.com/baritexovopa/71662977017.pdf (in PDF document text)
- https://s3.amazonaws.com/voxipanovigepiv/10086499836.pdf (in PDF document text)
- https://s3.amazonaws.com/biwuwukesazef/jakeragolamaxubowasepale.pdf (in PDF document text)
- http://rewuwuja.onlinewebshop.net/gikoreredasofowonub.pdf (in PDF document text)
- https://f9c81679-ddb1-4746-ab40-32673edc426c.filesusr.com/ugd/2eff39_8c9a044173ab433880a99156427450bf.pdf?index=true (in PDF document text)
- https://s3.amazonaws.com/sirilagewuga/39039055905.pdf (in PDF document text)
- https://s3.amazonaws.com/numegubowalonan/whirlpool_dryer_repairs_near_me.pdf (in PDF document text)
- http://www.w3.org/1999/02/22-rdf-syntax-ns# (in PDF document text)
- http://purl.org/dc/elements/1.1/ (in PDF document text)
- http://ns.adobe.com/pdf/1.3/ (in PDF document text)
- http://ns.adobe.com/xap/1.0/ (in PDF document text)
- http://ns.adobe.com/xap/1.0/mm/ (in PDF document text)
- http://ns.adobe.com/xap/1.0/rights/ (in PDF document text)
- http://scripts.sil.org/OFL (in PDF document text)
- http://www.geocities.com/mitra_anirban/hobbies.htm (in PDF document text)
- http://www.gnu.org/copyleft/gpl.htm (in PDF document text)
Extracted artifacts (5)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off000100a1.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x100A1 | 5368 bytes | efcaf7cbd8b9eaf0d4830feb5a46bb3286b40aef5f88c23872d308c5abef7d6c |
| font_01_sfnt_off000112d7.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x112D7 | 3740 bytes | eb903a4bcabb0673128613fc2c6a3b3be6b6be0204d11159aa2f590e1d82ee93 |
| font_02_sfnt_off00011e4e.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x11E4E | 29828 bytes | 2c783a8129d24999ccc7ce322f0cca6c477b842657e030c7bcda3bdf770bc9de |
| font_03_sfnt_off00015cc4.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x15CC4 | 13748 bytes | e452a5d7d51d7e1ede885bd8bab0c94f103a6fa9e98e4b02376a2d16cc015d82 |
| font_04_sfnt_off00018895.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x18895 | 2816 bytes | d886bb1bf6f0a2e348392751219c6a8484d414dce8a371cc2c26b219dbb157fd |