MALICIOUS
156
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF file was identified as malicious by ML classifiers and ClamAV, indicating a phishing or trojan threat. It contains a large number of external links, many pointing to PDF files hosted on various platforms, suggesting a link farm or redirection mechanism. The document body, though heavily obfuscated, appears to be a lure related to 'hacking' in a game, intended to drive traffic to malicious sites.
Machine Learning
- Nyx PDF Classifier malicious score 0.9993
Heuristics 5
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://pelibifir.ru/strik?utm_term=how+to+hack+heavenly+chips+in+cookie+clicker PDF link annotation
- https://dawemewi.weebly.com/uploads/1/3/4/7/134747996/mimuwirojules.pdfIn PDF document text
- https://kufurana.weebly.com/uploads/1/3/1/4/131482954/780837.pdfIn PDF document text
- https://static.s123-cdn-static.com/uploads/4502439/normal_60083fb4c9324.pdfIn PDF document text
- https://static.s123-cdn-static.com/uploads/4377679/normal_5fc6f13402a3b.pdfIn PDF document text
- https://static.s123-cdn-static.com/uploads/4416504/normal_5ff64cbe8c9f2.pdfIn PDF document text
- https://wezoduvum.weebly.com/uploads/1/3/4/0/134096245/dagisozijoj.pdfIn PDF document text
- https://xapowukugo.weebly.com/uploads/1/3/4/7/134702937/162569.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4446019/normal_604d7edb2df91.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4408858/normal_6058c8ca93d32.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4368751/normal_602a7433ea7c9.pdfIn PDF document text
- https://static.s123-cdn-static.com/uploads/4365598/normal_5ff15064d74a4.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4417523/normal_6033d266ba0d0.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4394060/normal_606d5bce0a6fa.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4366005/normal_603fd62f6f3e3.pdfIn PDF document text
- https://static.s123-cdn-static.com/uploads/4444630/normal_5ffc056a0ba6f.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4402960/normal_603a9c55e0bf8.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4460970/normal_603333da5dc15.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4402247/normal_601b1b376d1a9.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4388421/normal_605f45056dccb.pdfIn PDF document text
- http://www.ascendercorp.com/In PDF document text
- http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
- https://uploads.strikinglycdn.com/files/0272373f-5dfa-48fc-821b-66da7fe171f0/sadonowev.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/58c3c3d6-5ff3-4e64-8ae5-cebed3b6b68c/xikebozogo.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/ddbff2b3-1898-4684-827d-762604333e6f/route_48_bus_schedule_sunday.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/3dba7c7e-aef3-4dd3-a8e0-a72395646f54/how_to_open_a_digital_sentry_safe_without_the_combination_or_key.pdfIn PDF document text
- http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
- http://purl.org/dc/elements/1.1/In PDF document text
- http://ns.adobe.com/pdf/1.3/In PDF document text
- http://ns.adobe.com/xap/1.0/In PDF document text
- http://ns.adobe.com/xap/1.0/mm/In PDF document text
- http://ns.adobe.com/xap/1.0/rights/In PDF document text
- http://scripts.sil.org/OFLIn PDF document text
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000e9ce.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xE9CE | 5300 bytes |
SHA-256: ff453366be972506051debd158660d5bf16f326bee1409f8cddc618d88d4e1fc |
|||
font_01_sfnt_off0000fbe9.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xFBE9 | 11320 bytes |
SHA-256: cf84e1718e2d2e8e8d7fbee45d9d4799da37921b6f539b8c88050ab26f8ee477 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.