Verdict: MALICIOUS
Risk Score: 126
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF was flagged as malicious by the ML classifier and by ClamAV, whose signature names it a phishing trojan. It contains multiple embedded URIs. The one delivered through a link annotation points to seumenha.ru with a utm_term query string (double percent-encoded; it decodes to the search phrase "d&d beyond monsters homebrew"), which is the SEO-redirector pattern of the 'free document/template' phishing PDF family. The remaining URLs sit in the document text and are spread thinly across free and disposable hosts. The PDF structure and embedded links indicate an attempt to route users to external content for phishing or malware distribution. The file itself carries no exploit, and no heuristic below reports JavaScript, so the T1059.007 mapping is not corroborated by the listed findings; the risk lies in the linked destinations.
Machine Learning
- Nyx PDF Classifier: malicious score 0.9992
Heuristics (5)
ClamAV detection (CLAMAV_DETECTION, critical): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
Small PDF is a non-clustered link farm on disposable hosting (PDF_SEO_DISPOSABLE_LINK_FARM, medium): Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit; the risk is the linked destinations.
External URI (PDF_URI, info): PDF contains an external URL action.
Object number defined twice with different bodies (PDF_DUPLICATE_OBJ_BODY_INCREMENTAL, info): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
Embedded URL (EMBEDDED_URL, info): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted URLs:
- https://seumenha.ru/strik?utm_term=d%2526d+beyond+monsters+homebrew (PDF link annotation)
- http://myirn.icu/sinisisevigudo9mlgo.pdf (in PDF document text)
- http://1xbets-regs.site/what_is_a_pre_purchase_car_inspectionj4ew7.pdf (in PDF document text)
- http://sutugolewajoz.22web.org/femtocell_technology_seminar_report_ppt.pdf (in PDF document text)
- http://everydayy.fun/how_to_speak_english_fluently_for_beginners2mvqn.pdf (in PDF document text)
- http://lutokororale.iblogger.org/acca_f5_study_material.pdf (in PDF document text)
- http://creamwalls.online/economic_growth_meaning8pn1r.pdf (in PDF document text)
- http://nosukave.22web.org/rikatifojozurolisi.pdf (in PDF document text)
- http://the-english-temple.com/86957010708mmlkm.pdf (in PDF document text)
- http://meetsoda.pro/72019894622anic3.pdf (in PDF document text)
- https://cdn.sqhk.co/wajerewuwer/hae05XJ/significado_de_autopista_en_informatica.pdf (in PDF document text)
- http://urott-hu.com/the_tragedy_of_macbeth_act_1_scene_7machp.pdf (in PDF document text)
- http://garant-ritual.online/904942682gguwf.pdf (in PDF document text)
- https://cdn.sqhk.co/velabolo/jPshia8/doom_64_n64_rom_cool.pdf (in PDF document text)
- http://www.ascendercorp.com/ (in PDF document text)
- http://www.ascendercorp.com/typedesigners.html (in PDF document text)
- https://s3.amazonaws.com/wezukep/balance_sheet_sample_for_merchandising.pdf (in PDF document text)
- https://s3.amazonaws.com/nuvukivaxiren/wi_dnr_lake_superior_fishing_report.pdf (in PDF document text)
- https://5a995288-ce6f-4ae3-a3e6-14272d8003db.filesusr.com/ugd/7be1cd_89a3fc6639ed4776851d623060d51212.pdf?index=true (in PDF document text)
- https://18bc7be3-897e-46c1-a475-efc190d089bd.filesusr.com/ugd/62845f_8fb528231847450ab1ea29b689d659e7.pdf?index=true (in PDF document text)
- https://s3.amazonaws.com/rumezo/thomas_troward_best_quotes.pdf (in PDF document text)
- https://729282ec-1290-4cbc-9302-cf8a24acd4c7.filesusr.com/ugd/42c189_74b21b97af3940e58bdbd514f8943bea.pdf?index=true (in PDF document text)
- https://f8340159-69ce-4309-ac43-521e9a8475b4.filesusr.com/ugd/bc0b97_c0f9f1fa0b8543bf9d5aa633668ff5ce.pdf?index=true (in PDF document text)
- http://zajoneforisomi.rf.gd/haldia_petrochemicals_annual_report_2017.pdf (in PDF document text)
- https://s3.amazonaws.com/widiku/8265068355.pdf (in PDF document text)
- https://s3.amazonaws.com/peveziwoguxuzam/sequence_number_sheet.pdf (in PDF document text)
- http://www.w3.org/1999/02/22-rdf-syntax-ns# (in PDF document text)
- http://purl.org/dc/elements/1.1/ (in PDF document text)
- http://ns.adobe.com/pdf/1.3/ (in PDF document text)
- http://ns.adobe.com/xap/1.0/ (in PDF document text)
- http://ns.adobe.com/xap/1.0/mm/ (in PDF document text)
- http://ns.adobe.com/xap/1.0/rights/ (in PDF document text)
- http://scripts.sil.org/OFL (in PDF document text)

The last seven entries (w3.org RDF, purl.org Dublin Core, ns.adobe.com XMP/PDF namespaces and the SIL Open Font License URL) are metadata and font-licence namespace URIs found in most PDFs and are not indicators on their own.
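The two structural heuristics above, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL and PDF_SEO_DISPOSABLE_LINK_FARM, can be reproduced with a small regex-level scanner. The following is an added example, not the analyzer's own code: it walks every `N G obj ... endobj` definition in the raw bytes (including ones appended after the first `%%EOF` by an incremental update), reports object numbers whose bodies differ and whether any copy carries active content, then extracts all URLs, drops the XMP/font namespace URIs, and scores the host spread, utm_term redirector and disposable-host signals. The disposable-host suffix list and active-content key list are assumptions chosen to match the findings in this report, and the embedded PDF is a constructed sample, not the analysed file.

```python
"""Added example: scanner for two heuristics from this report,
PDF_DUPLICATE_OBJ_BODY_INCREMENTAL and PDF_SEO_DISPOSABLE_LINK_FARM.
Stdlib only; regex-level PDF parsing, no xref walking."""
import re
from collections import Counter
from urllib.parse import parse_qs, urlparse

# Every "N G obj ... endobj" definition anywhere in the file, so objects
# redefined by an incremental update after the first %%EOF are seen too.
OBJ_RE = re.compile(rb"(?s)(?<![0-9])(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj")
URL_RE = re.compile(rb"https?://[^\s()<>\"']+")

# Keys that make a duplicate worth escalating: the reader acts on them
# rather than merely rendering them. (Assumption: illustrative list.)
ACTIVE_KEYS = (b"/JS", b"/JavaScript", b"/Launch", b"/URI", b"/OpenAction",
               b"/AA", b"/SubmitForm", b"/GoToR")
# Assumption: namespace hosts are the XMP/font URIs most PDFs carry;
# disposable hosts are the free-hosting domains in this report's URL list.
METADATA_NS_HOSTS = {"www.w3.org", "purl.org", "ns.adobe.com", "scripts.sil.org"}
DISPOSABLE_HOST_SUFFIXES = ("22web.org", "rf.gd", "iblogger.org",
                            "filesusr.com", "s3.amazonaws.com", "sqhk.co")


def find_duplicate_objects(pdf: bytes) -> dict:
    """Map (num, gen) -> {'bodies': [...], 'active': bool} for objects defined
    more than once with differing body bytes. A first-wins reader resolves
    bodies[0], a last-wins reader bodies[-1]."""
    seen: dict = {}
    for m in OBJ_RE.finditer(pdf):
        key = (int(m.group(1)), int(m.group(2)))
        seen.setdefault(key, []).append(m.group(3).strip())
    return {
        k: {"bodies": v,
            "active": any(any(a in b for a in ACTIVE_KEYS) for b in v)}
        for k, v in seen.items() if len(set(v)) > 1
    }


def extract_urls(pdf: bytes) -> list:
    """All http(s) URLs in the raw bytes (annotations, text, metadata),
    minus the namespace URIs that are noise for this purpose."""
    urls = {u.decode("latin-1") for u in URL_RE.findall(pdf)}
    return sorted(u for u in urls if urlparse(u).hostname not in METADATA_NS_HOSTS)


def link_farm_assessment(urls, min_links=5, max_dominant_share=0.5) -> dict:
    """Spread-thin check: enough links, no dominant host, and either an SEO
    redirector (utm_term) or links parked on disposable hosts."""
    hosts = Counter(urlparse(u).hostname or "" for u in urls)
    total = sum(hosts.values())
    dominant_share = (hosts.most_common(1)[0][1] / total) if total else 0.0
    seo_redirector = any("utm_term" in parse_qs(urlparse(u).query) for u in urls)
    disposable = [u for u in urls
                  if (urlparse(u).hostname or "").endswith(DISPOSABLE_HOST_SUFFIXES)]
    return {
        "total_links": total,
        "distinct_hosts": len(hosts),
        "dominant_share": dominant_share,
        "seo_redirector": seo_redirector,
        "disposable": disposable,
        "is_link_farm": (total >= min_links
                         and dominant_share <= max_dominant_share
                         and (seo_redirector or bool(disposable))),
    }


def analyze(pdf: bytes) -> dict:
    urls = extract_urls(pdf)
    return {"duplicates": find_duplicate_objects(pdf),
            "urls": urls,
            "link_farm": link_farm_assessment(urls)}


# Constructed sample (not the real file): object 4 0 is a link annotation that
# an incremental update redefines to point at an SEO redirector, and the page
# text carries links parked across several free hosts plus one XMP namespace.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /Annots [4 0 R] >> endobj
4 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (https://example.org/benign.pdf) >> >> endobj
6 0 obj (http://alpha.22web.org/report.pdf http://beta.rf.gd/notes.pdf https://s3.amazonaws.com/gamma/sheet.pdf http://delta.iblogger.org/guide.pdf http://www.w3.org/1999/02/22-rdf-syntax-ns#) endobj
trailer << /Root 1 0 R >>
%%EOF
4 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (https://seo-redirector.example/strik?utm_term=free+template) >> >> endobj
trailer << /Root 1 0 R /Prev 9 >>
%%EOF
"""

if __name__ == "__main__":
    report = analyze(SAMPLE_PDF)
    for key, info in report["duplicates"].items():
        print(f"duplicate object {key[0]} {key[1]}: {len(info['bodies'])} bodies, "
              f"active content={info['active']}")
        print("  first-wins:", info["bodies"][0][:80])
        print("  last-wins :", info["bodies"][-1][:80])
    lf = report["link_farm"]
    print(f"{lf['total_links']} links over {lf['distinct_hosts']} hosts, "
          f"dominant share {lf['dominant_share']:.2f}, utm_term={lf['seo_redirector']}, "
          f"disposable={len(lf['disposable'])}, link_farm={lf['is_link_farm']}")
```

On the sample the scanner reports object 4 0 with two differing bodies and active content (a /URI action), so a first-wins reader lands on the benign link while a last-wins reader follows the utm_term redirector; the six remaining links spread over six hosts with four on disposable hosting, which meets the link-farm condition. Run it on a real file with `analyze(open(path, "rb").read())`; objects inside compressed object streams are not visible to a byte-level regex, so a miss there is a limitation of the approach, not evidence of absence.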
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000ed74.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xED74 | 4156 bytes | 9253c4ec90eb8b217ae91b3aef6412788d3d1419415539c5cfb70110cf842fd1 |
| font_01_sfnt_off0000fba2.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFBA2 | 10768 bytes | 6c9bf9ce45158b6cfc5ef561da5f7e142b2df92657c83270c00611fd113cdfaf |