MALICIOUS
Risk Score: 154
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF contains numerous external links, many of which are likely part of a link farm designed to improve search engine rankings for unrelated topics, a common phishing tactic. One of the embedded URLs, 'https://infrive.ru/pbw?utm_term=how+do+i+take+a+picture+with+my+logitech+webcam', is flagged as suspicious and likely leads to a phishing page. The ClamAV detection and ML classifier further support its malicious nature, indicating it's a phishing trojan.
Machine Learning
- Nyx PDF Classifier malicious score 0.8273
Heuristics 4
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

URL
- https://infrive.ru/pbw?utm_term=how+do+i+take+a+picture+with+my+logitech+webcam
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000e2a9.bin ba019c2f29779a9f2df0c84ae9e0a5267bc6c2276f10a90dd326ed7178ef8cf6 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE2A9 | 5444 bytes |