MALICIOUS
Risk Score: 156
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The PDF contains a mass of external links, many of which are likely part of a link farm designed to manipulate search engine results. One prominent URL, 'https://jottigo.ru/strik?utm_term=what+is+the+effect+of+k+to+12+curriculum', appears to be a lure to a malicious site. ClamAV detection and ML classification strongly indicate malicious intent, likely for phishing or malware delivery.
Machine Learning
- Nyx PDF Classifier malicious score 0.9994
Heuristics (5)
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://jottigo.ru/strik?utm_term=what+is+the+effect+of+k+to+12+curriculum (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off000107c5.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x107C5 | 5380 bytes | b43873ded9a424402b26167f1944809b627328eb372de0bb3999362b25155987 |
| font_01_sfnt_off000119fe.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x119FE | 11196 bytes | 113b339e740f5f18e1696ee4d70bb85027e3a8498ad59fece15a03659c6aa04f |