MALICIOUS
Risk Score: 156
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF contains a large number of external links, many of which are SEO-optimized and point to potentially malicious content, as indicated by the 'PDF_SEO_LINK_FARM' heuristic. The primary malicious URL identified is 'https://xezojetit.ru/strik?utm_term=yamaha+r6+service+cost', suggesting a phishing or scam attempt. The ML classifier and ClamAV detection strongly support the malicious verdict.
Machine Learning
- Nyx PDF Classifier malicious score 0.9990
Heuristics (5)
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://xezojetit.ru/strik?utm_term=yamaha+r6+service+cost (PDF link annotation)
Extracted artifacts (3)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off000105c4.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x105C4 | 4864 bytes | 2856095866b1fa09a9f2a21c801dc2c616134dc72e370814e116c97e7bd329be |
| font_01_sfnt_off00011649.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x11649 | 12460 bytes | 63f6ce7a05b66f361550c850d64910e77757032f0df5e686eda2c97920568f52 |
| font_02_sfnt_off00013e9f.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x13E9F | 4324 bytes | 4fcfa7c68d76e23b667942a3ac892d2d5d88346478daafc61479ad4df4af3dd3 |