MALICIOUS
Risk Score: 156
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds a large number of external links characteristic of an SEO link farm. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9991
Heuristics 5
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://gimoguvi.ru/123?utm_term=worksheet+generator+3 (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000deba.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xDEBA | 5156 bytes | 9ddfa5e3a06a3a62e4ba9ec3f6b09ee66a8989fe578a3944a030721dd94d3fb8 |
| font_01_sfnt_off0000f052.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF052 | 10600 bytes | 358446fd0300bdaea91774c0aab8de1646520bed6ce7358c169d44c0d2cc15e6 |