MALICIOUS
Risk Score: 154
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF file was identified as malicious by ClamAV and an ML classifier. It contains a large number of external links, many of which point to unrelated PDF files, suggesting a link farm or SEO manipulation tactic. One of the primary URLs, 'https://bologen.ru/award?keyword=bmw+x1+preisliste+2020+pdf', is presented as a BMW price list, likely a lure to engage the user. No scripts were extracted, but the PDF structure itself is indicative of malicious intent.
Machine Learning
- Nyx PDF Classifier malicious score 0.8471
Heuristics 4
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://bologen.ru/award?keyword=bmw+x1+preisliste+2020+pdf
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000ed46.bin 54124fd1b03b31820b433037110222b581299b617aab834add4e6058c2486fb5 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xED46 | 5512 bytes |