MALICIOUS (Risk Score: 154)
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The PDF contains a large number of external links, many of which are generated for SEO purposes, pointing to potentially malicious content. One critical heuristic identified a 'PDF_SEO_LINK_FARM' with numerous external PDF links, including a suspicious URL on 'pelibifir.ru'. The ML classifier and ClamAV detection further indicate malicious intent, likely related to phishing or malware distribution.
Machine Learning
- Nyx PDF Classifier malicious score 0.8093
Heuristics 4
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://pelibifir.ru/award?keyword=vowels+and+consonant+sounds+pdf
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Hash | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off0000e10a.bin | 7fea4cf6ade22f4602de7f0ef123d3a2f0f9a62471dd080e148d90a874279ee7 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE10A | 5112 bytes |
| font_01_sfnt_off0000f29f.bin | bf1910b0877720922827a7aa26e400a2a87e32a45284d5a7a0c6c5d4ae902e89 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF29F | 10728 bytes |