MALICIOUS
Risk Score: 126
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1204.002 Malicious Link
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds a large number of external links characteristic of an SEO link farm. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9996
Heuristics 5
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Small PDF is a non-clustered link farm on disposable hosting (medium, PDF_SEO_DISPOSABLE_LINK_FARM): Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000fa62.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFA62 | 5320 bytes | 2324ee1898b50249dcc063b8025fb9a25cad8d07244ef7e32d07d21aef9217e3 |
| font_01_sfnt_off00010ca1.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10CA1 | 11092 bytes | 5db79742ef1674d9ad58a84e9a2f507aa010cf0af9a986b95f6b27f6b38c5b44 |