Verdict: MALICIOUS
Risk Score: 156
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds a large number of external links characteristic of an SEO link farm. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9996
Heuristics 5
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 [critical] CLAMAV_DETECTION: ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Small PDF contains mass external PDF link farm [critical] PDF_SEO_LINK_FARM: Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI [info] PDF_URI: PDF contains an external URL action
- Object number defined twice with different bodies [info] PDF_DUPLICATE_OBJ_BODY_INCREMENTAL: The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL [info] EMBEDDED_URL: One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://baarspo.ru/123?utm_term=aceable+driving+answers (PDF link annotation)
Extracted artifacts 4
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000f882.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF882 | 5388 bytes | f5633c4082e452f21108bb4689a466db87b41d2ff2cf33f7251b0121132b9a71 |
| font_01_sfnt_off00010aee.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10AEE | 3068 bytes | e09f7931f4ded5084609efdac397f4069c4b477df7abd8c52e082f9e266976b1 |
| font_02_sfnt_off000117d4.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x117D4 | 10748 bytes | cd527c00706fa34038496eabeea8f22d31c186419fcdb92c5e90af58584dd322 |
| font_03_sfnt_off00013cbe.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x13CBE | 16544 bytes | 49230a07578f2a0b108554ff1d47b1cb24b8f8081254bad551c0ce72ea05e0a5 |