MALICIOUS
154
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF contains a large number of external links, many of which are SEO-optimized to appear as legitimate search results. The heuristic 'PDF_SEO_LINK_FARM' indicates a mass of external PDF links, and the 'ML_NYX_PDF_MALICIOUS' and 'CLAMAV_DETECTION' heuristics confirm its malicious nature. The embedded URLs likely lead to phishing or malware distribution sites, and the document body, though heavily obfuscated, appears to be a lure related to a book download.
Machine Learning
- Nyx PDF Classifier malicious score 0.9088
Heuristics 4
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://resalured.ru/award?keyword=bhagavad+gita+sadhak+sanjivani+english+pdf+download
- http://sokobumoxagug.scienceontheweb.net/fuzubokaxiroxaxun.pdf
- http://jakufodunod.getenjoyment.net/2771637949.pdf
- http://pojapir.mygamesonline.org/starbucks_nutrition_uk.pdf
- http://wotidoteked.mywebcommunity.org/phonetic_transcription_in_theory_and_practice.pdf
- http://xoxekojut.onlinewebshop.net/scales_and_arpeggios_for_saxophone.pdf
- https://uploads.strikinglycdn.com/files/8bbacddb-3399-48c6-9cff-98a3022c8298/sound_blaster_z_stopped_working.pdf
- https://s3.amazonaws.com/lemerisinivum/zakosoxafuxapagi.pdf
- https://s3.amazonaws.com/remavuj/48114424944.pdf
- https://6cdb29d4-22ce-4aaf-9e51-562b59d50851.filesusr.com/ugd/1b20fb_f7c592360d714b6fbee3e03b3ff0a214.pdf?index=true
- https://d2faa26e-66ca-44cd-8f84-883624a71019.filesusr.com/ugd/dbbfd0_47ca8b2449474f5da015b3a969503e41.pdf?index=true
- https://uploads.strikinglycdn.com/files/2b13c254-b397-4c15-80c7-3a02e4f3db85/what_are_the_475_tax_deductions_for_home_based_businesses.pdf
- https://e0eedba4-cf99-4c42-97f5-d3f9ae5832dd.filesusr.com/ugd/e36ea7_c63bc15655594041a9571cc21f435cc9.pdf?index=true
- https://uploads.strikinglycdn.com/files/1f9108f6-1486-4511-9041-d93e5a5318d9/wonodegukufujojow.pdf
- http://bidusibebawuz.onlinewebshop.net/sab_gertrudis_de_avellaneda.pdf
- https://7e073981-ad1c-4081-8dc0-76946ba36063.filesusr.com/ugd/c4f63d_5b92825a2ddc41fda01615bab8cf3736.pdf?index=true
- https://s3.amazonaws.com/jebokizez/legal_assistant_interview_questions_and_answers.pdf
- https://s3.amazonaws.com/resixexi/flush_dns_di_android.pdf
- http://mifedisiso.atwebpages.com/64885742041.pdf
- https://s3.amazonaws.com/jewizopukuni/woxodezo.pdf
- https://s3.amazonaws.com/luramamelolem/bavosogotajolevipulonugu.pdf
- https://uploads.strikinglycdn.com/files/08820bd9-796f-4b57-b5d7-7f395393edef/netgear_wnr3500lv2_openwrt.pdf
- https://uploads.strikinglycdn.com/files/94260e09-1c49-47b0-953d-932bb4e5d1c7/60011452353.pdf
- https://s3.amazonaws.com/pevarijidasalop/logitech_speakers_z323_manual.pdf
- https://5ec50ee2-6c76-415b-b731-82d7de26534b.filesusr.com/ugd/826e74_05c9e8aa432c4b6f86b727f95969aa04.pdf?index=true
- http://zoligagomuwe.onlinewebshop.net/79306789543.pdf
Open this report in the interactive analyzer, or submit your own file for analysis.