MALICIOUS
174
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF is identified as malicious by multiple heuristics and a machine learning classifier, with ClamAV detecting it as a phishing trojan. It employs an image-only lure, a common tactic to disguise clickable links. The primary malicious URL identified is fokemale.ru, which is likely used to redirect the user to a phishing site or to download further malicious content.
Machine Learning
- Nyx PDF Classifier malicious score 0.8964
Heuristics 5
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
-
Image-only document with action trigger (screenshot lure) medium PDF_IMAGE_LUREPDF has 1 image(s), only 0 text block(s), carries a click-outward action, and is only 40 KB — typical shape of a phishing lure where a full-page screenshot hides a clickable button that launches or submits to an attacker URL.
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://fokemale.ru/award?keyword=beefer+rezepte+pdf
- https://cdn-cms.f-static.net/uploads/4490250/normal_6046f1cd5f182.pdf
- https://cdn-cms.f-static.net/uploads/4486353/normal_602f4358e6d0b.pdf
- https://static.s123-cdn-static.com/uploads/4422144/normal_6002c243cc7a2.pdf
- https://wekosidofanepa.weebly.com/uploads/1/3/2/6/132696212/5983657.pdf
- https://wodiwige.weebly.com/uploads/1/3/5/3/135317556/wepizupafab_mibabavu_zalekoxet_dafevirexika.pdf
- https://cdn-cms.f-static.net/uploads/4473415/normal_6042f037eec52.pdf
- https://cdn-cms.f-static.net/uploads/4484835/normal_6045eadd5d4d2.pdf
- https://cdn-cms.f-static.net/uploads/4413862/normal_601123df4b39c.pdf
- https://cdn-cms.f-static.net/uploads/4491148/normal_60537f3fb154d.pdf
- https://cdn-cms.f-static.net/uploads/4416504/normal_6037191773e2a.pdf
- https://static.s123-cdn-static.com/uploads/4420039/normal_5ff84852c9d4d.pdf
- https://static.s123-cdn-static.com/uploads/4485705/normal_5fc8e13be0fc7.pdf
- https://uploads.strikinglycdn.com/files/163eab6b-ad6f-4e4a-9bb1-a3bdf5d04b20/how_to_remove_architect_pop_up.pdf
- https://uploads.strikinglycdn.com/files/2a5f5a83-e40b-42d8-a83f-6fde9e6bda78/11407175771.pdf
- https://uploads.strikinglycdn.com/files/faab4684-6a5d-4d4e-a006-8155767cbc7b/red_piebald_mini_dachshund_for_sale.pdf
- https://uploads.strikinglycdn.com/files/c1a6362d-748c-4410-a8e7-2d954c4312e1/aliens_unlimited_galaxy_guide.pdf
- https://uploads.strikinglycdn.com/files/1e4cf754-441e-4101-8811-c71cc847757a/best_price_peavey_bandit_112.pdf
- https://uploads.strikinglycdn.com/files/b674361e-4e65-41aa-bc53-6dbd469d4a29/bunker_hill_security_120_lumen_solar_motion_security_light_-_black.pdf
- https://uploads.strikinglycdn.com/files/32783b9c-9b96-4097-b704-bec3158e1882/30554820598.pdf
- https://uploads.strikinglycdn.com/files/2dec1ed7-94ef-4cf6-bb1b-dcf609a421f0/what_is_the_best_tea_maker_to_buy.pdf
- https://uploads.strikinglycdn.com/files/7de8ae13-409e-4861-a3a2-d8bfc2cfcf31/wireless_wifi_repeater_reset.pdf
- https://uploads.strikinglycdn.com/files/029af8fc-8176-4ae5-b715-4c7a674be2b5/cherrypickers_guide_to_rare_die_varieties_6th_edition_volume_i.pdf
Open this report in the interactive analyzer, or submit your own file for analysis.