MALICIOUS
212
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF contains numerous links, with one specifically pointing to a known malicious redirector. The document body, though heavily obfuscated, appears to be a lure related to a popular movie title, suggesting a phishing or SEO poisoning tactic. The presence of many PDF links indicates a link farm strategy, likely to distribute malicious content or improve search engine ranking for malicious sites.
Machine Learning
- Nyx PDF Classifier malicious score 0.9813
Heuristics 4
-
PDF links to known malicious redirector infrastructure critical PDF_MALICIOUS_REDIRECTOR_LINKPDF contains a clickable URI to redirector infrastructure used by a known malicious PDF SEO/adware delivery campaign. These documents typically rely on user interaction and redirect chains rather than a PDF parser vulnerability.
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://yafferge.ru/strik?utm_term=is+the+boy+in+the+striped+pajamas+on+netflix+2021
- http://podarokinsta24.online/wahl_cordless_dog_clippers_nz4uv23.pdf
- https://xomixosusanit.weebly.com/uploads/1/3/1/4/131438267/tigimegokenubusa.pdf
- http://gouliwer.online/why_did_my_honeywell_fan_stopped_workingt4d9d.pdf
- https://numibogag.weebly.com/uploads/1/3/4/3/134323011/7359075.pdf
- https://jenodaxadow.weebly.com/uploads/1/3/4/0/134012655/221976.pdf
- http://vipmanmarket.space/all_my_sons_moving__storage_las_vegasjw7pv.pdf
- https://ninisajata.weebly.com/uploads/1/3/4/8/134869212/jofoninanulozolix.pdf
- https://s3.amazonaws.com/vinejivunitego/oregon_rental_laws_carpet_cleaning.pdf
- https://s3.amazonaws.com/ravuxudibure/list_of_nec_codes_and_standards.pdf
- https://uploads.strikinglycdn.com/files/e0b1d474-2f47-4817-8271-5611a084a97d/sap_users_in_india.pdf
- https://s3.amazonaws.com/libosokune/fezafigatemipipuwikurakaf.pdf
- https://s3.amazonaws.com/ditiruz/report_animal_abuse_london_ontario.pdf
- https://0feddc0e-03bc-46a3-a741-45303deff239.filesusr.com/ugd/6ea6a2_306d2c56fe5147638b2573d72e7549f4.pdf?index=true
- https://s3.amazonaws.com/serogajugomiji/whirlpool_refrigerator_service_mode.pdf
- https://uploads.strikinglycdn.com/files/78daedab-2bc7-46e0-a734-2a8944f49478/83495496560.pdf
- https://s3.amazonaws.com/nuxulikiwab/84954951517.pdf
- https://uploads.strikinglycdn.com/files/3f7d8b3a-041e-468f-a0e3-6cef420b2b77/4552274195.pdf
- https://s3.amazonaws.com/falejogajir/myers_briggs_test_free_career.pdf
- https://e3c65705-3664-417e-97b1-2ac29bfab8bd.filesusr.com/ugd/6a5da5_bf3a534d7f2e44d7afee16d3106db56b.pdf?index=true
- https://ef9d90ca-5811-4a1c-810e-75bcfae60121.filesusr.com/ugd/a33af7_2e3a3531c5374e04842b5bd8307544d6.pdf?index=true
- https://s3.amazonaws.com/nisiwanolom/rajasthan_jhalawar_weather_report.pdf
- https://s3.amazonaws.com/wovugi/merrills_atlas_of_radiographic_positioning_and_procedures_workbook.pdf
- https://s3.amazonaws.com/remeranexe/how_much_does_it_cost_to_replace_a_treadmill_belt.pdf
Open this report in the interactive analyzer, or submit your own file for analysis.