MALICIOUS
Risk Score: 156
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF contains numerous external links, including one to 'maypoin.ru', suggesting a link farm or phishing attempt. The ClamAV detection and ML classifier strongly indicate malicious intent, specifically identified as a phishing trojan. While no scripts were explicitly extracted, the PDF structure and heuristic firings point towards a malicious document designed to redirect users to potentially harmful sites.
Machine Learning
- Nyx PDF Classifier malicious score 0.9994
Heuristics 5
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://maypoin.ru/strik?utm_term=holiday+announcement+mail+format (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000f6d4.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF6D4 | 5052 bytes | 850cd6227abd488ff50d5779068a15a68c2f1d393112520731a2d70eca19a341 |
| font_01_sfnt_off000107f8.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x107F8 | 10836 bytes | bb269a395c630b308f02f88763ee3a99cf1b561edca9e437260ac90e3de6abde |