MALICIOUS
Risk Score: 156
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF file contains numerous external links, characteristic of a link farm designed to manipulate search engine results. The primary malicious URL, https://midufefew.ru/123?utm_term=allahabad+university+holiday+list+pdf, is likely intended to redirect users to malicious content or phishing pages. The presence of a link farm and the ML classifier's high confidence score indicate malicious intent, likely related to phishing or malware distribution.
Machine Learning
- Nyx PDF Classifier malicious score 0.9967
Heuristics 5
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
- URL https://midufefew.ru/123?utm_term=allahabad+university+holiday+list+pdf (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000f7f4.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF7F4 | 5420 bytes | bf7e9882d6fcfd7b0466994e4b2a50bc1762e557ad14747fb38f6ea541bf2d28 |
| font_01_sfnt_off00010a5f.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10A5F | 11068 bytes | 69dabbf95cb909d0d8fbc2665e81e44dd15427c5bac20b3099de8d40f77f17ef |