MALICIOUS
174
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF is identified as an image-only lure, a common tactic for phishing or malware distribution. It contains numerous external links, including one pointing to 'https://xajibur.ru/aws?utm_term=after+5+anna+todd+read+online+free', which is likely the primary malicious destination. The ClamAV detection and ML classifier further support its malicious nature, suggesting it may deliver a trojan.
Machine Learning
- Nyx PDF Classifier malicious score 0.8335
Heuristics 5
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
Image-only document with action trigger (screenshot lure) medium PDF_IMAGE_LUREPDF has 1 image(s), only 0 text block(s), carries a click-outward action, and is only 58 KB — typical shape of a phishing lure where a full-page screenshot hides a clickable button that launches or submits to an attacker URL.
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://xajibur.ru/aws?utm_term=after+5+anna+todd+read+online+free
- http://janafan.scienceontheweb.net/lokirifebonez.pdf
- http://bodipok.getenjoyment.net/gosamiragadexe.pdf
- http://siviveko.getenjoyment.net/research_methods_in_public_administration_and_nonprofit_management.pdf
- http://zekaxezixil.medianewsonline.com/sas_sgplot_bar_chart_color.pdf
- http://rometinanuk.iblogger.org/xavaxapiwobilugeviwaz.pdf
- http://juzufezike.mygamesonline.org/adverbios_de_cantidad_en_frances.pdf
- http://dusuwuf.rf.gd/lirerovabenavi.pdf
- https://0fc0baf9-b884-4fcd-968e-f93c0f938930.filesusr.com/ugd/68ec51_c7413a2c7d194d0991061ed549685712.pdf?index=true
- https://uploads.strikinglycdn.com/files/482d8745-7ac2-432b-a1bc-fe58f563926f/tapenikanejoraderid.pdf
- https://uploads.strikinglycdn.com/files/fee427b5-abe8-4c52-ae21-b2d2ce3bf505/wolfgang_puck_bistro_5_cup_rice_cooker_manual.pdf
- https://6a1e2a5f-c456-4288-b9d5-5378f87870fb.filesusr.com/ugd/076fac_2202c4060ff348658f4976c05a7e762a.pdf?index=true
- https://87b84290-c0b3-4c73-97a1-3d59c64c3f69.filesusr.com/ugd/c638b7_bf6c71e0908d49d8b2f9f94e52cc50ba.pdf?index=true
- https://77a80da1-97a3-4b40-ba11-54c6d232eb66.filesusr.com/ugd/39a0fd_c2f5c7952cc242f4ac159d486a897e51.pdf?index=true
- https://uploads.strikinglycdn.com/files/6c4646ed-4b5c-43d0-8e99-cd7a5e2f7f98/diwijoriresukiwidesukixex.pdf
- https://c2dbac7f-2075-4dc1-ad03-af0d0352bff2.filesusr.com/ugd/278743_52ed9633ddcc47098deed82323f89078.pdf?index=true
- http://ragigixo.epizy.com/87803242102.pdf
- https://uploads.strikinglycdn.com/files/bed40b16-fa76-4292-9987-07eda92a60b8/42699840329.pdf
- http://kigagizotag.onlinewebshop.net/67006018646.pdf
- https://5548a280-a194-4776-8019-0e256783c1fa.filesusr.com/ugd/f2c1dc_f2af7e44b51342228b9cbff12fac565f.pdf?index=true
- https://f72e0e13-a873-49c5-9cb5-3c2848b8c5b2.filesusr.com/ugd/f8ba4b_e6c5a407fba647c7bf2f5ec9ca940c12.pdf?index=true
- https://16564176-4c62-44d7-82e3-1dea6b832d73.filesusr.com/ugd/5e57cf_f2eb0a41829045d2876f90ff2c1b6391.pdf?index=true
- https://uploads.strikinglycdn.com/files/ba01f7ab-a8b7-4d09-b701-968920d7b44f/nikon_f50_review.pdf
- https://31c8a3d4-0132-49f1-a04f-09c79d03e01f.filesusr.com/ugd/a4da84_2f76eee5b5df439ab847a433fafbe6ad.pdf?index=true
- http://tenezozujilajiw.rf.gd/canon_de_belleza_actual.pdf
Open this report in the interactive analyzer, or submit your own file for analysis.