Verdict: MALICIOUS (Risk Score 156)

Malware Insights

MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
This PDF file was flagged by ML classifiers and by ClamAV as malicious, specifically as a phishing trojan. It contains a large number of external links, most of them pointing at other PDFs hosted on free file-hosting and site-builder services, in the pattern of a generated link farm whose purpose is to route readers into a redirect chain rather than to cite real documents. The document body is heavily obfuscated; the only readable lure is the keyword parameter of the single link annotation, which suggests a 'guide' theme. The embedded URLs together with the PDF_SEO_LINK_FARM heuristic indicate an attempt to redirect users to potentially malicious content. Note that although T1059.007 (JavaScript) is tagged, none of the heuristics below report embedded JavaScript; the only active content observed is the URI link action.
Machine Learning
- Nyx PDF Classifier malicious score 0.9992
Heuristics (5)
- CLAMAV_DETECTION (critical): ClamAV detected this file as malware with signature Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0.
- PDF_SEO_LINK_FARM (critical): Small PDF contains a mass external PDF link farm. The PDF is small yet contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- PDF_URI (info): External URI action. The PDF contains an external URL action.
- PDF_DUPLICATE_OBJ_BODY_INCREMENTAL (info): Object number defined twice with different bodies. The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- EMBEDDED_URL (info): One or more URLs were extracted from the document. The URL itself is not a detection; the per-URL label gives the channel (macro, JS, link annotation, document body, ...) through which each URL was reached.
- https://lozipotod.ru/wix?keyword=brutal+black+dragon+guide+2019 (PDF link annotation)
- https://cdn.sqhk.co/zurefaxenov/eTheq1m/telegram_and_gazette_cancel_subscription.pdf (PDF document text)
- https://xonifosanonozo.weebly.com/uploads/1/3/2/6/132680915/zevosagunudadomewufu.pdf (PDF document text)
- https://sixoribena.weebly.com/uploads/1/3/4/8/134848884/nilab.pdf (PDF document text)
- http://nagajavanof.22web.org/simple_inventory_report_format.pdf (PDF document text)
- https://gunomelovolif.weebly.com/uploads/1/3/4/7/134735852/desipom_zuluganimavi_jizebep.pdf (PDF document text)
- https://cdn.sqhk.co/sewenajete/mqiiw12/acrobat_software_free.pdf (PDF document text)
- https://cdn.sqhk.co/bezorufuv/d81rhag/sawar.pdf (PDF document text)
- https://jipuzalo.weebly.com/uploads/1/3/4/6/134693454/penumibidusefos.pdf (PDF document text)
- https://cdn.sqhk.co/jutigurotow/aUVjicJ/stickman_superhero_shadow_fighting_game_mod_apk.pdf (PDF document text)
- https://wukodaxumubef.weebly.com/uploads/1/3/4/4/134438005/3002536.pdf (PDF document text)
- https://cdn.sqhk.co/botonerepap/fbeAhdM/cashback_deals_on_mobile_phones.pdf (PDF document text)
- https://zikemuwebiwolim.weebly.com/uploads/1/3/5/9/135992964/sawusujop.pdf (PDF document text)
- http://kilubome.iblogger.org/java_swing_tutorialspoint.pdf (PDF document text)
- http://www.ascendercorp.com/ (PDF document text)
- http://www.ascendercorp.com/typedesigners.html (PDF document text)
- http://damewanobojojo.rf.gd/simplest_explanation_is_the_best.pdf (PDF document text)
- https://s3.amazonaws.com/votuweroxigezog/82500121054.pdf (PDF document text)
- https://s3.amazonaws.com/faduxodiwo/beach_buggy_unlimited.pdf (PDF document text)
- https://s3.amazonaws.com/wupiwupiwot/how_to_master_with_logic_pro_x.pdf (PDF document text)
- https://uploads.strikinglycdn.com/files/1b568a2c-3157-487b-a3a5-f9c2e0a3cd66/fifty_shades_of_grey_2_full_movie_download_filmywap.pdf (PDF document text)
- http://gezewezelatemak.epizy.com/9440621465.pdf (PDF document text)
- https://s3.amazonaws.com/zunaporam/pearson_chemistry_sl_textbook_answers.pdf (PDF document text)
- https://uploads.strikinglycdn.com/files/f3215773-ff20-44dc-a6c2-78e4755c038b/tumebarizanezaseleta.pdf (PDF document text)
- https://uploads.strikinglycdn.com/files/bee1db84-726d-4330-b12f-b35f0de0c6af/hp_probook_4530s_wireless_drivers_for_windows_10_64_bit.pdf (PDF document text)
- https://s3.amazonaws.com/gotijejaj/construction_tools_coloring_sheets.pdf (PDF document text)
- http://www.w3.org/1999/02/22-rdf-syntax-ns# (PDF document text)
- http://purl.org/dc/elements/1.1/ (PDF document text)
- http://ns.adobe.com/pdf/1.3/ (PDF document text)
- http://ns.adobe.com/xap/1.0/ (PDF document text)
- http://ns.adobe.com/xap/1.0/mm/ (PDF document text)
- http://ns.adobe.com/xap/1.0/rights/ (PDF document text)
- http://scripts.sil.org/OFL (PDF document text)
The last seven entries are not navigable lures: the w3.org, purl.org and ns.adobe.com URIs are the standard XMP metadata namespace identifiers found in any XMP packet, and scripts.sil.org/OFL is the SIL Open Font License URL, typically carried in the licence fields of an embedded font. They should be excluded when counting the link-farm destinations above.
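As an added example (not the analyzer's own code), the following Python reproduces on raw PDF bytes the two parser-level shapes that the PDF_SEO_LINK_FARM and PDF_DUPLICATE_OBJ_BODY_INCREMENTAL heuristics describe: many external /URI link actions clustered on one host in a small file, and an indirect object defined twice with different bodies, as an incremental update would do, with severity raised only when the differing body carries active content. The sample PDF, the thresholds (min_links, size_limit, cluster_ratio), the ACTIVE_KEYS list and the severity labels are all constructed or assumed for illustration; the script is a raw-byte heuristic, not a full PDF parser.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Raw-byte heuristics, not a full PDF parser: compressed object streams, hex-string
# /URI <...> values and binary streams containing the bytes "endobj" are not handled.
OBJ_RE = re.compile(rb"(?<![0-9])(\d+)\s+(\d+)\s+obj\b(.*?)endobj", re.DOTALL)
URI_RE = re.compile(rb"/URI\s*\(([^)]*)\)")

# Dictionary keys treated as "active content" when grading a duplicate object
# (assumed list for this example).
ACTIVE_KEYS = (b"/JS", b"/JavaScript", b"/Launch", b"/OpenAction", b"/AA", b"/URI")


def parse_objects(pdf):
    """All 'N G obj ... endobj' definitions in file order, duplicates included."""
    return [(int(n), int(g), body.strip()) for n, g, body in OBJ_RE.findall(pdf)]


def duplicate_objects(pdf):
    """Object ids whose first definition (what a first-wins reader resolves) and
    last definition (last-wins reader, i.e. after incremental updates) differ."""
    first, last = {}, {}
    for num, gen, body in parse_objects(pdf):
        first.setdefault((num, gen), body)
        last[(num, gen)] = body
    return {k: (first[k], last[k]) for k in first if first[k] != last[k]}


def duplicate_severity(dups):
    """'none' without duplicates, 'info' for body-only drift (common in benign
    incremental saves), 'warning' when a differing body carries active content."""
    if not dups:
        return "none"
    for first_body, last_body in dups.values():
        if any(k in first_body or k in last_body for k in ACTIVE_KEYS):
            return "warning"
    return "info"


def extract_uris(pdf):
    """Literal-string /URI targets from link annotations and URI actions."""
    return [u.decode("latin-1") for u in URI_RE.findall(pdf)]


def link_farm_score(pdf, min_links=10, size_limit=200_000, cluster_ratio=0.5):
    """Flag a small PDF whose many external links cluster on one host
    (thresholds are assumptions chosen for this example)."""
    uris = extract_uris(pdf)
    hosts = Counter(urlsplit(u).hostname or "" for u in uris)
    top_host, top_count = hosts.most_common(1)[0] if hosts else ("", 0)
    flagged = (
        len(pdf) < size_limit
        and len(uris) >= min_links
        and top_count / len(uris) >= cluster_ratio
    )
    return {"links": len(uris), "hosts": dict(hosts), "top_host": top_host, "flagged": flagged}


def build_sample_pdf():
    """Constructed sample (not the analysed file): twelve /URI link annotations, ten
    on one host, followed by an incremental update that redefines object 4 with a
    body that now carries a /URI action. No xref table; it is never rendered."""
    hosts = ["a.example.net"] * 10 + ["b.example.org", "c.example.org"]
    objs = [
        b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n",
        b"2 0 obj\n<< /Type /Pages /Kids [3 0 R] /Count 1 >>\nendobj\n",
        b"4 0 obj\n<< /Type /Annot /Subtype /Link /Rect [0 0 1 1] >>\nendobj\n",
    ]
    annot_ids = []
    for i, host in enumerate(hosts):
        num = 10 + i
        annot_ids.append(num)
        objs.append(
            b"%d 0 obj\n<< /Type /Annot /Subtype /Link /Rect [0 0 10 10] "
            b"/A << /S /URI /URI (https://%s/%d.pdf) >> >>\nendobj\n"
            % (num, host.encode(), i)
        )
    refs = b" ".join(b"%d 0 R" % n for n in annot_ids)
    objs.append(b"3 0 obj\n<< /Type /Page /Parent 2 0 R /Annots [" + refs + b"] >>\nendobj\n")
    original = b"%PDF-1.4\n" + b"".join(objs) + b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"
    # Appended incremental update: same object id 4, different body, now with a URI action.
    update = (
        b"4 0 obj\n<< /Type /Annot /Subtype /Link /Rect [0 0 1 1] "
        b"/A << /S /URI /URI (https://a.example.net/extra.pdf) >> >>\nendobj\n"
        b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"
    )
    return original + update


if __name__ == "__main__":
    sample = build_sample_pdf()
    print(link_farm_score(sample))
    dups = duplicate_objects(sample)
    print({k: duplicate_severity({k: v}) for k, v in dups.items()})
```

On the constructed sample the link-farm check sees 13 literal /URI targets with 11 on one host and flags the file; the duplicate check reports object (4, 0) and grades it 'warning' because the last-wins body introduces a /URI action that the first-wins body lacks. On a real sample, run the same logic after decompressing object streams, and discard the XMP namespace and font-licence URIs before counting hosts.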
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000f579.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF579 | 5664 bytes | df8879ff694435f9d0709b1be7f5528a004e425243b66c78a86d5672738a0e12 |
| font_01_sfnt_off000108cf.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x108CF | 11020 bytes | 9b44ca40ef4022c4565fe3866dd99513355add44d35a48118faf6c0b96758971 |