MALICIOUS
154
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The file is a PDF containing numerous external links, with a critical heuristic identifying it as a PDF link farm. One of the primary external URIs points to 'zajinet.ru', which is flagged as suspicious. The ML classifier and ClamAV detection strongly indicate malicious intent, likely phishing or a trojan delivery mechanism. Although no scripts were explicitly extracted, the PDF structure and embedded links suggest an attempt to redirect users to malicious content.
Machine Learning
- Nyx PDF Classifier malicious score 0.8752
Heuristics 4
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://zajinet.ru/strik?utm_term=c%25C3%25B3digo+internacional+de+nomenclatura+zool%25C3%25B3gica
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0001218a.bin f7918c9081a2fb6a8e3d65a5f031a109e5619a15f86cecfc5d8a146789d6c967 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1218A | 5172 bytes |
| font_01_sfnt_off000132cd.bin ef8cfd806dfdb826fe771885c8b67af3e633cfbf0631c79d58aaf9b388a2b10a | pdf-font-stream | PDF embedded font (sfnt) at offset 0x132CD | 12008 bytes |