MALICIOUS
Risk Score: 156
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF contains numerous external links, with a critical heuristic identifying it as a link farm designed to direct users to other PDFs. One of the primary external URIs, 'https://traffset.ru/strik?utm_term=live+phish+releases+ranked', suggests a phishing or malicious content lure. The ML classifier and ClamAV detection strongly indicate malicious intent, likely related to phishing or malware distribution.
Machine Learning
- Nyx PDF Classifier malicious score 0.9402
Heuristics 5
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action
- PDF differential parser failed (info, PDF_DIFFERENTIAL_PARSE_FAILED): The cross-check parser (pdfminer.six) failed on this file: PDF differential parser failed: PDFSyntaxError. Static heuristics still ran and any of their findings above are valid; only the differential cross-check signal is missing.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://traffset.ru/strik?utm_term=live+phish+releases+ranked (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off00010426.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10426 | 5112 bytes | e1ba2a46b939c6c1e076fe182f1f125c2a9453919623ce192de702c96864b8ac |
| font_01_sfnt_off00011586.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x11586 | 11208 bytes | 5610d1551ff54d2fe396f33da82773487cf01e484b26df90a696077a7d6b0bda |