Verdict: MALICIOUS
Risk Score: 124
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The file is a PDF that uses a lure of a recommendation letter to trick users into downloading it. It contains multiple links pointing to compromised WordPress sites, suggesting a phishing or malware distribution campaign. The ClamAV detection and ML classifier strongly indicate malicious intent, likely to deliver a payload via the embedded links.
Machine Learning
- Nyx PDF Classifier malicious score 0.9548
Heuristics (4)
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (severity: critical, rule: CLAMAV_DETECTION). ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- PDF link farm points to compromised-WordPress upload storage (severity: medium, rule: PDF_COMPROMISED_CMS_UPLOAD_LINK_FARM). PDF contains multiple clickable links, across many distinct hosts, whose targets are random-slug files parked in the upload directories of vulnerable WordPress form plugins (FormCraft, Super Forms). This is the hallmark of the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains hosted on compromised sites. The PDF itself carries no exploit — the risk is the linked destinations.
- External URI (severity: info, rule: PDF_URI). PDF contains an external URL action
- Embedded URL (severity: info, rule: EMBEDDED_URL). One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.