MALICIOUS
156
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF file exhibits characteristics of a phishing or scam campaign, indicated by the presence of a large number of external links, many of which are likely part of a link farm. The document body, though heavily obfuscated, suggests a lure related to search queries. The ClamAV detection and ML classifier further support its malicious nature, pointing towards a phishing or trojanized PDF.
Machine Learning
- Nyx PDF Classifier malicious score 0.9991
Heuristics 5
-
ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://fokemale.ru/award?keyword=how+do+i+find+the+area+of+compound+shapes PDF link annotation
- https://cdn.sqhk.co/wofetewa/Fjhiffq/directv_billing_dispute_phone_number.pdfIn PDF document text
- https://cdn.sqhk.co/jotapepikota/ie2HjcK/eggplant_noodles_recipe.pdfIn PDF document text
- https://cdn.sqhk.co/juzexokogim/igujggi/danosinonewaludozom.pdfIn PDF document text
- https://cdn.sqhk.co/gujowaxexag/x2gcTsZ/39828272331.pdfIn PDF document text
- https://cdn.sqhk.co/ribafesupuro/hih0hgg/87073204516.pdfIn PDF document text
- https://cdn.sqhk.co/dobulefipuji/haFihJK/websites_that_give_free_robux_2019.pdfIn PDF document text
- https://cdn.sqhk.co/pujixefan/7gjgcgd/monster_truck_games_freestyle.pdfIn PDF document text
- http://www.ascendercorp.com/In PDF document text
- http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
- https://e1eccfe9-8888-4f52-a155-e9c8e84e0752.filesusr.com/ugd/4fb05f_0ff5f418a43045b69c94cb0e3f975b37.pdf?index=trueIn PDF document text
- https://0879403c-3be5-48e4-925f-21334a7d5cfe.filesusr.com/ugd/407fcc_1e96d30f7d82427ab950f9b15452126f.pdf?index=trueIn PDF document text
- https://042e50b4-45d0-4577-915a-c14d43ab21ad.filesusr.com/ugd/18f527_b7d5b999ea584ff49b12bedabdbec443.pdf?index=trueIn PDF document text
- https://s3.amazonaws.com/wetowuzuxit/57625006142.pdfIn PDF document text
- https://s3.amazonaws.com/zodawanuror/canadian_citizenship_study_guide_answers.pdfIn PDF document text
- https://315736c7-1030-4200-8d24-05c9f4951019.filesusr.com/ugd/d19ca0_cc6baee26dfa4775b65928e2b932e8f6.pdf?index=trueIn PDF document text
- https://s3.amazonaws.com/wegemebufojafak/93911512246.pdfIn PDF document text
- https://d926c97b-7f3b-4ec8-a52a-318bcb589338.filesusr.com/ugd/120f26_8726e491e0fe46aaa3d0a51c15d3cebf.pdf?index=trueIn PDF document text
- https://4a39c6c9-989b-4d11-b2d8-cc0becc7f193.filesusr.com/ugd/ef0078_c68e225a31ca419f88470b1c786a3e28.pdf?index=trueIn PDF document text
- https://cdd249b8-77b1-4a94-b024-8995efe4d959.filesusr.com/ugd/d394ff_8d0f85378cb446d9800b546b7fe3b667.pdf?index=trueIn PDF document text
- https://s3.amazonaws.com/mujevubutukoxu/how_to_draw_a_mask_step_by_step.pdfIn PDF document text
- https://s3.amazonaws.com/vawoginele/53173995681.pdfIn PDF document text
- https://s3.amazonaws.com/makumapikeze/multiplying_and_dividing_fractions_coloring_activity_answers.pdfIn PDF document text
- https://s3.amazonaws.com/doxifuba/30858597929.pdfIn PDF document text
- https://42e65457-ec34-4553-8979-78b6e302f774.filesusr.com/ugd/f1976d_0a6cdd1831124c40a9b1e8272120269d.pdf?index=trueIn PDF document text
- https://s3.amazonaws.com/vovabagubajegeb/48000948401.pdfIn PDF document text
- http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
- http://purl.org/dc/elements/1.1/In PDF document text
- http://ns.adobe.com/pdf/1.3/In PDF document text
- http://ns.adobe.com/xap/1.0/In PDF document text
- http://ns.adobe.com/xap/1.0/mm/In PDF document text
- http://ns.adobe.com/xap/1.0/rights/In PDF document text
- http://scripts.sil.org/OFLIn PDF document text
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000e76d.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xE76D | 5416 bytes |
SHA-256: 1c119bd8ae47b8b45464c8d0417d5ec7421b076a84685cd4ed73b0f7682f5a65 |
|||
font_01_sfnt_off0000f9ba.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xF9BA | 1576 bytes |
SHA-256: aeb1ed3c152c9131dcf926a7bffc5ad1b483092c39f2febcbe5265a32dd01fc8 |
|||
font_02_sfnt_off000101d8.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x101D8 | 10328 bytes |
SHA-256: 2916ddf74e954b719a6130cfb59d7d58d518250cf57baafee704b499f8a46206 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.