MALICIOUS
124
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The sample was detected as a malicious PDF by ClamAV and an ML classifier, indicating a high likelihood of malicious intent. It contains numerous links pointing to compromised WordPress sites, suggesting it is used to distribute or host malicious content. The PDF_COMPROMISED_CMS_UPLOAD_LINK_FARM heuristic further supports this, indicating the use of compromised upload directories on websites.
Machine Learning
- Nyx PDF Classifier malicious score 0.9756
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
PDF link farm points to compromised-WordPress upload storage medium PDF_COMPROMISED_CMS_UPLOAD_LINK_FARMPDF contains multiple clickable links, across many distinct hosts, whose targets are random-slug files parked in the upload directories of vulnerable WordPress form plugins (FormCraft, Super Forms). This is the hallmark of the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains hosted on compromised sites. The PDF itself carries no exploit — the risk is the linked destinations.
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://lisahyatthealth.com/wp-content/plugins/formcraft/file-upload/server/content/files/160735ae6a6dc4---bifepilitagu.pdf
- https://www.kalirich.com/wp-content/plugins/super-forms/uploads/php/files/jibrp9c2nb0istpaoqunampv21/tapesoninopiposelituxid.pdf
- https://f1com.ge/wp-content/plugins/super-forms/uploads/php/files/de24ff7c02c7cb5862b0631f5e94aee0/pabisafaginupukenedufiga.pdf
- https://playgametoday.ru/wp-content/plugins/super-forms/uploads/php/files/9ef982319dfa53297c20342004f56b3e/merul.pdf
- http://kindervakantieweekdeurne.nl/wp-content/plugins/formcraft/file-upload/server/content/files/160adc57497d52---bibupujusexini.pdf
- http://braintradingbcn.com/wp-content/plugins/super-forms/uploads/php/files/779a4847595891366c6cca82240cab21/36804130779.pdf
- https://www.americanapi.com/wp-content/plugins/formcraft/file-upload/server/content/files/160923ed0a65e2---mejusadabudepovibita.pdf
- https://www.qbuildsoftware.com/wp-content/plugins/super-forms/uploads/php/files/c2af9293832d79d7d3b5e91230cbc3ab/gidakesidezob.pdf
- https://cspdental.com/wp-content/plugins/super-forms/uploads/php/files/ecb407b16f6fa7a661669c2a226f6734/ledapatizub.pdf
- http://www.dramayaramendes.com.br/wp-content/plugins/formcraft/file-upload/server/content/files/1607ad502092e9---66345954653.pdf
- https://genesisbehaviorcenter.com/wp-content/plugins/super-forms/uploads/php/files/8c81128958848f06436b9b805648628c/xolatimipuwajatimobun.pdf
- https://www.pfgpartners.com.au/wp-content/plugins/formcraft/file-upload/server/content/files/16083dd6e47ae2---sapuwilomujejuruporaguke.pdf
- https://vizzzio.ru/wp-content/plugins/super-forms/uploads/php/files/2c4e732308785ec8e6fd7bea121a7ed8/tavagajozivakewaworobom.pdf
- http://rufullthrottle.com/wp-content/plugins/formcraft/file-upload/server/content/files/1609087c0b3458---temamumolukomuzi.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://feedproxy.google.com/~r/Uplcv/~3/zMnd8XtcwSM/uplcv?utm_term=besame+mucho+sheet+music+pdf+free
- http://scripts.sil.org/OFL
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000dcc7.binb33c15dcb3d5c5b651c409669f1e8e0a1621a3adc34e5dcfa22b9b2392e180bd |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xDCC7 | 5412 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.