Verdict: MALICIOUS
Risk Score: 124
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The sample is a PDF flagged as malicious by several independent signals: a high-confidence ML classifier (Nyx PDF Classifier, score 0.9451) and a ClamAV phishing signature. It carries numerous external link annotations, one of which points to a suspicious domain (mezovuduw.ru) through a utm_term-tagged SEO redirector, with the remainder spread thinly across many hosts, several of them free or disposable content hosts. That link distribution matches the 'free document/template' SEO phishing PDF family: the file itself carries no exploit, and the risk lies in the linked destinations, which route users into phishing or malware redirect chains, consistent with a spearphishing lure for initial access. None of the heuristics listed below reports embedded JavaScript, so the T1059.007 mapping is not corroborated by the findings on this page.
Machine Learning
- Nyx PDF Classifier malicious score 0.9451
Heuristics (4)
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware.
- Small PDF is a non-clustered link farm on disposable hosting (medium, PDF_SEO_DISPOSABLE_LINK_FARM): Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit; the risk is the linked destinations.
- External URI (info, PDF_URI): PDF contains an external URL action.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - https://mezovuduw.ru/strik?utm_term=date+renaissance+italienne
  - http://italia-doc.space/yamaha_01v96i_manual2psmw.pdf
  - http://dufasobogunojat.22web.org/15037345587.pdf
  - http://esclub.pro/17993049922b0vv9.pdf
  - http://begemot.space/percy_jackson_the_last_olympian_reading_levelqeido.pdf
  - http://laxana.ru/topixesafagofitiv6scea.pdf
  - http://salea.site/xupudexedipodioqnco.pdf
  - http://jedilinosur.mywebcommunity.org/troy_bilt_pony_tiller_wheels_wont_turn.pdf
  - http://www.ascendercorp.com/
  - http://www.ascendercorp.com/typedesigners.html
  - http://nudoritane.atwebpages.com/antrenmanlara_matematik_2.pdf
  - https://uploads.strikinglycdn.com/files/14b1784d-3feb-429f-b52a-922526bd886a/92965425645.pdf
  - https://uploads.strikinglycdn.com/files/12359f9d-3606-4685-a6b9-6486540d4d17/37543070175.pdf
  - https://47a25507-5c4f-4e73-9b7c-0c49514c8174.filesusr.com/ugd/e00bd3_c1e4f3f60a0243768250ef2128e890d6.pdf?index=true
  - http://mojogoralil.onlinewebshop.net/who_is_neptunes_father.pdf
  - https://36425c1f-c329-48aa-845d-1f8252cb45c8.filesusr.com/ugd/01d500_fce6e6ac3fa441a9a6d53eecd93b582e.pdf?index=true
  - http://xibogowidam.epizy.com/amma_songs_telugu.pdf
  - https://uploads.strikinglycdn.com/files/c1d64b05-485d-448d-94b6-2e1cab30fb9b/87245344232.pdf
  - http://vetanafajodomek.epizy.com/nasapuzulurasefupogusufe.pdf
  - https://uploads.strikinglycdn.com/files/a5ac96dc-9562-485c-9c0d-53ceb9c3b2d1/72442345783.pdf
  - https://87c8fc71-818b-4167-bf0d-2ac3bc49ffd1.filesusr.com/ugd/f9d4cd_b0387916623440d88a10bc22c4f8b122.pdf?index=true
  - http://dotenax.rf.gd/citra_3ds_android_2019_apk.pdf
  - http://scripts.sil.org/OFL
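The PDF_SEO_DISPOSABLE_LINK_FARM heuristic above is cheap to reproduce and useful as a standalone triage check. The following Python is an added example, not code from the analyzer that produced this report: it pulls literal-string /URI actions out of raw PDF bytes, then scores the link set on external .pdf link count, host spread, utm_term redirectors and parking on free hosts. The minimal PDF it assembles, the disposable-host suffix list (assumed, taken from hosts that appear in this report) and the 256 KiB "small PDF" threshold are assumptions of the example, and the benign comparison list is constructed.

```python
import re
from collections import Counter
from urllib.parse import urlparse, parse_qs

# Constructed sample URLs: a subset of the hosts seen in this report, plus a
# benign comparison set clustered on one (made-up) publisher host.
FARM_URLS = [
    "https://mezovuduw.ru/strik?utm_term=date+renaissance+italienne",
    "http://italia-doc.space/yamaha_01v96i_manual2psmw.pdf",
    "http://dufasobogunojat.22web.org/15037345587.pdf",
    "http://esclub.pro/17993049922b0vv9.pdf",
    "http://begemot.space/percy_jackson_the_last_olympian_reading_levelqeido.pdf",
    "http://xibogowidam.epizy.com/amma_songs_telugu.pdf",
    "https://uploads.strikinglycdn.com/files/14b1784d-3feb-429f-b52a-922526bd886a/92965425645.pdf",
    "http://dotenax.rf.gd/citra_3ds_android_2019_apk.pdf",
    "http://scripts.sil.org/OFL",
]
CITATION_URLS = [
    "https://example.org/paper1.pdf", "https://example.org/paper2.pdf",
    "https://example.org/", "https://doi.example.net/10.1/x",
]

# Assumed list of free/disposable content hosts (suffixes present in this report).
DISPOSABLE_SUFFIXES = ("epizy.com", "22web.org", "rf.gd", "atwebpages.com",
                       "mywebcommunity.org", "onlinewebshop.net",
                       "strikinglycdn.com", "filesusr.com")
SMALL_PDF_BYTES = 256 * 1024  # assumed "small PDF" threshold for the example


def build_sample_pdf(urls):
    """Assemble a minimal, uncompressed PDF with one /URI link annotation per URL
    (no xref table; enough for byte-level extraction, not for a viewer)."""
    annots = " ".join(f"{i + 4} 0 R" for i in range(len(urls)))
    objs = [b"<< /Type /Catalog /Pages 2 0 R >>",
            b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
            f"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Annots [{annots}] >>".encode()]
    for u in urls:
        objs.append(f"<< /Type /Annot /Subtype /Link /Rect [0 0 100 20] "
                    f"/A << /S /URI /URI ({u}) >> >>".encode())
    out = bytearray(b"%PDF-1.4\n")
    for n, body in enumerate(objs, start=1):
        out += f"{n} 0 obj\n".encode() + body + b"\nendobj\n"
    return bytes(out + b"trailer\n<< /Root 1 0 R >>\n%%EOF\n")


# Literal-string /URI value, honouring backslash escapes for ( ) and \.
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)", re.DOTALL)


def extract_uri_actions(pdf_bytes):
    """Return every /URI action target found in the raw bytes, in file order.
    Caveat: only uncompressed objects are seen; real samples also need object
    streams inflated, hex strings handled and octal escapes decoded."""
    urls = []
    for m in URI_RE.finditer(pdf_bytes):
        raw = m.group(1).replace(b"\\(", b"(").replace(b"\\)", b")").replace(b"\\\\", b"\\")
        urls.append(raw.decode("latin-1"))
    return urls


def seo_link_farm_verdict(urls, pdf_size, min_pdf_links=5, max_host_share=0.5):
    """Score a link set the way the PDF_SEO_DISPOSABLE_LINK_FARM heuristic is
    described: many external .pdf links, no dominant host, and either a
    utm_term redirector or links parked on disposable hosts."""
    parsed = [urlparse(u) for u in urls if u.startswith(("http://", "https://"))]
    pdf_links = [p for p in parsed if p.path.lower().endswith(".pdf")]
    hosts = Counter(p.hostname for p in parsed if p.hostname)
    top_share = max(hosts.values()) / sum(hosts.values()) if hosts else 0.0
    utm_term = [p.geturl() for p in parsed if "utm_term" in parse_qs(p.query)]
    disposable = [p.geturl() for p in parsed
                  if p.hostname and p.hostname.endswith(DISPOSABLE_SUFFIXES)]
    fired = (pdf_size <= SMALL_PDF_BYTES and len(pdf_links) >= min_pdf_links
             and top_share <= max_host_share and (utm_term or disposable))
    return {"fired": bool(fired), "external_pdf_links": len(pdf_links),
            "distinct_hosts": len(hosts), "top_host_share": round(top_share, 2),
            "utm_term_redirectors": utm_term, "disposable_hosted": disposable}


def analyse(urls):
    """Build the sample PDF for a URL set, extract its links and score them."""
    pdf = build_sample_pdf(urls)
    return seo_link_farm_verdict(extract_uri_actions(pdf), len(pdf))


if __name__ == "__main__":
    for name, urls in (("link farm", FARM_URLS), ("citations", CITATION_URLS)):
        print(name, analyse(urls))
```

The thresholds are deliberately exposed as parameters: a document that cites ten papers from one publisher has a dominant host and will not fire, while the constructed farm set fires on seven external .pdf links over nine hosts with one utm_term redirector and four disposable-host links.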
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | SHA-256 | Kind | Source | Size |
|---|---|---|---|---|
| font_00_sfnt_off0001f842.bin | 53c8be3c60130fd0912faaf3b41b417abe16436d08365d4c96244d244ce0d616 | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1F842 | 4852 bytes |
| font_01_sfnt_off00020908.bin | 9da491ff4957dbc73193b1a269da8ae1814ebb4cd24e31588944e533b85e6a7e | pdf-font-stream | PDF embedded font (sfnt) at offset 0x20908 | 4792 bytes |
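The artifact table records embedded sfnt fonts carved at fixed byte offsets, each with a size and SHA-256. The following Python is an added example, not the analyzer's own carver: it constructs a minimal sfnt, wraps it in an uncompressed FontFile2-style stream, then locates sfnt magics in the raw bytes, validates the table directory so that stray `true` tokens or the 0x00010000 version field inside a head table are rejected, and sizes each hit from its table directory before hashing it. The sample font, its table contents and the wrapper PDF are constructed for the example; real samples usually store font streams FlateDecode-compressed, so the scan has to run over inflated stream data.

```python
import hashlib
import struct

# sfnt version/magic values: TrueType, CFF-based OpenType, Apple TrueType.
SFNT_MAGICS = (b"\x00\x01\x00\x00", b"OTTO", b"true")

# Constructed tables; the head payload starts with the real 0x00010000 version
# field, which is also a magic and must not be carved as a second font.
SAMPLE_TABLES = [
    (b"head", b"\x00\x01\x00\x00" + b"\x00" * 50),
    (b"name", b"constructed-font"),
    (b"glyf", bytes(range(37))),
]


def build_sample_sfnt(tables):
    """Build a minimal sfnt: offset table, table directory, 4-byte-aligned data.
    Table checksums are left at zero; they do not affect sizing."""
    num = len(tables)
    header = struct.pack(">IHHHH", 0x00010000, num, 0, 0, 0)
    data_start = 12 + 16 * num
    directory, body = b"", b""
    for tag, payload in tables:
        directory += struct.pack(">4sIII", tag, 0, data_start + len(body), len(payload))
        body += payload + b"\x00" * (-len(payload) % 4)
    return header + directory + body


def embed_in_pdf(font):
    """Wrap the font in an uncompressed stream inside a throwaway PDF; return
    the bytes and the offset at which the font data begins."""
    head = b"%PDF-1.4\n1 0 obj\n<< /Length " + str(len(font)).encode() + b" >>\nstream\n"
    return head + font + b"\nendstream\nendobj\n%%EOF\n", len(head)


def sfnt_length(buf, pos):
    """Return the byte length of the sfnt starting at pos, or None when the
    table directory is not self-consistent (rejects false magic hits)."""
    if pos + 12 > len(buf):
        return None
    num_tables = struct.unpack(">H", buf[pos + 4:pos + 6])[0]
    if not 1 <= num_tables <= 64:
        return None
    dir_end = 12 + 16 * num_tables
    if pos + dir_end > len(buf):
        return None
    end = dir_end
    for i in range(num_tables):
        rec = pos + 12 + 16 * i
        tag, _checksum, off, length = struct.unpack(">4sIII", buf[rec:rec + 16])
        if (not all(0x20 <= c <= 0x7E for c in tag)
                or off < dir_end or pos + off + length > len(buf)):
            return None
        end = max(end, off + length + (-length % 4))
    return end


def carve_fonts(data):
    """Scan raw bytes for sfnt magics and return (offset, size, sha256) for
    every candidate whose table directory validates, like the artifact table."""
    found = []
    for magic in SFNT_MAGICS:
        start = 0
        while (pos := data.find(magic, start)) != -1:
            size = sfnt_length(data, pos)
            if size:
                found.append((pos, size, hashlib.sha256(data[pos:pos + size]).hexdigest()))
            start = pos + 1
    return sorted(found)


def demo():
    """Carve the constructed sample and return results with the expected values."""
    font = build_sample_sfnt(SAMPLE_TABLES)
    pdf, offset = embed_in_pdf(font)
    return carve_fonts(pdf), offset, len(font), hashlib.sha256(font).hexdigest()


if __name__ == "__main__":
    for off, size, digest in demo()[0]:
        print(f"font_sfnt_off{off:08x}.bin  {size} bytes  {digest}")
```

The directory walk is what keeps the carver honest: a magic match is only reported when every table record has a printable tag and an offset/length that lands inside the buffer, so a `true` token in page content or the version field of a head table produces no artifact.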