MALICIOUS
Risk Score: 174
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF is identified as an image-only lure, typical of phishing campaigns, containing numerous external links. The ClamAV detection and ML classifier further support its malicious nature. The embedded URLs, such as 'https://fokemale.ru/strik?utm_term=selenium+testng+tutorial+point' and 'http://dress-russia.ru/fexuvusebozjw2t.pdf', likely lead to further stages of the attack, potentially downloading additional malware or redirecting to credential harvesting pages.
Machine Learning
- Nyx PDF Classifier malicious score 0.6845
Heuristics 5
- Small PDF contains mass external PDF link farm [critical, PDF_SEO_LINK_FARM]: Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 [critical, CLAMAV_DETECTION]: ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- Image-only document with action trigger (screenshot lure) [medium, PDF_IMAGE_LURE]: PDF has 1 image(s), only 0 text block(s), carries a click-outward action, and is only 61 KB — typical shape of a phishing lure where a full-page screenshot hides a clickable button that launches or submits to an attacker URL.
- External URI [info, PDF_URI]: PDF contains an external URL action
- Embedded URL [info, EMBEDDED_URL]: One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://fokemale.ru/strik?utm_term=selenium+testng+tutorial+point