MALICIOUS
Risk Score: 126
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1204.002 Malicious Link
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds a large number of external links characteristic of an SEO link farm. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9975
Heuristics 5
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 [critical] CLAMAV_DETECTION: ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Small PDF is a non-clustered link farm on disposable hosting [medium] PDF_SEO_DISPOSABLE_LINK_FARM: Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit; the risk is the linked destinations.
- External URI [info] PDF_URI: PDF contains an external URL action
- Object number defined twice with different bodies [info] PDF_DUPLICATE_OBJ_BODY_INCREMENTAL: The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL [info] EMBEDDED_URL: One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://lozipotod.ru/award?keyword=bizhub+c454e+manual+pdf (PDF link annotation)
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off00023367.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x23367 | 3724 bytes | ce22c8eaa1f53a77d563481fc3f0abc202627ce0e69ac912df19b60822d178aa |
| font_01_sfnt_off000240a4.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x240A4 | 5572 bytes | 81bd6a474c58584dd3b34ccc7c4eb39890161633bd5152b9637ce0beefca106a |
| font_02_sfnt_off0002538c.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x2538C | 13552 bytes | 2404cfc5610928294b053795064e057ee722dc17d527da26dbd91a28166c2b96 |