MALICIOUS
Risk Score: 156
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file contains numerous external links, identified by the PDF_SEO_LINK_FARM heuristic, suggesting a link farm or phishing attempt. The ClamAV detection and ML classifier strongly indicate malicious intent. The embedded URL points to a domain associated with potentially malicious content, and the document body, though heavily obfuscated, suggests a lure related to educational content.
Machine Learning
- Nyx PDF Classifier malicious score 0.9974
Heuristics 5
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION). ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM). Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI). PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL). The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL). One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - https://maypoin.ru/123?utm_term=finding+and+using+the+discriminant+matching+worksheet (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0001fa9b.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1FA9B | 5432 bytes | fe08515f77b3ac4b35a7999e98436ce7c284c1581bb7b5104fa0e42e14ebe90a |
| font_01_sfnt_off00020d06.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x20D06 | 11340 bytes | aa60b92f09025b15f7e88d905c840b2619347a5ed1a2c37c177fe759aa50c6c5 |