MALICIOUS
Risk Score: 156
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF contains numerous external links, with a primary suspicious URL pointing to 'vilenefex.ru'. Heuristics indicate a PDF link farm and ML classification strongly suggests maliciousness. The document body, though corrupted, contains text related to 'Alan Carr easy way to stop smoking book', suggesting a lure to disguise the malicious intent of directing users to the external URL.
Machine Learning
- Nyx PDF Classifier malicious score 0.9964
Heuristics 5
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://vilenefex.ru/strik?utm_term=alan+carr+easy+way+to+stop+smoking+book (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000fc16.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFC16 | 5640 bytes | df93eae972e5d9347df7bf792b7c406798fdcdf3313dae369d62f91877d908f8 |
| font_01_sfnt_off00010f4a.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10F4A | 11172 bytes | a7880e2d6071d82834a089f4f8aac96cc045c36c9a673ec562b4b830fe7277a6 |