MALICIOUS
Risk Score: 154
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF contains numerous external links, with one prominent URL leading to a domain designed to mimic search results. This suggests a phishing or SEO poisoning attack to redirect users to malicious content. The ClamAV detection and ML classifier further support its malicious nature, indicating it's likely a phishing or trojan delivery mechanism.
Machine Learning
- Nyx PDF Classifier malicious score 0.8464
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION). ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM). Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI). PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL). One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - https://dafemum.ru/award?keyword=ambrose+bierce+chickamauga+pdf (PDF link annotation)
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000ed3d.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xED3D | 5424 bytes |

SHA-256: 77aa11edd1abc57852b8b0ba17b91771a93cd570196099d49f61faa91c91cdda