MALICIOUS
Risk Score: 126
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 5
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 [critical] CLAMAV_DETECTION: ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Small PDF is a non-clustered link farm on disposable hosting [medium] PDF_SEO_DISPOSABLE_LINK_FARM: Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
- External URI [info] PDF_URI: PDF contains an external URL action
- Object number defined twice with different bodies [info] PDF_DUPLICATE_OBJ_BODY_INCREMENTAL: The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL [info] EMBEDDED_URL: One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - URL: https://fokemale.ru/wix?keyword=ph+and+poh+calculations+worksheet+key (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000cdef.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xCDEF | 5420 bytes | ddc95dabaf4c72cebf8458a6038cfe7db88473d1557367d2d2f091bcc095b942 |
| font_01_sfnt_off0000e06b.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE06B | 9984 bytes | 2ac0d915d0b66c7a6b09a4ebb40eb42f6da3220e90ec6908971f4632c32deef8 |