MALICIOUS
156
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF contains a large number of external links, identified by the PDF_SEO_LINK_FARM heuristic, pointing to various PDF files. One of these links, https://traffine.ru/strik?utm_term=121cm+in+inches, is flagged as suspicious. The ML classifier and ClamAV detection strongly indicate maliciousness, likely related to phishing or malware distribution through the linked content.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 5
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://traffine.ru/strik?utm_term=121cm+in+inches
- https://cdn-cms.f-static.net/uploads/4402246/normal_5f9e8d9831606.pdf
- https://zewonawexekuke.weebly.com/uploads/1/3/4/3/134318694/041ea710475.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://uploads.strikinglycdn.com/files/79fe75a8-6eab-4335-9216-06a9f01b9f03/casio_fx_260_manual.pdf
- https://s3.amazonaws.com/mukutud/free_580_case_backhoe_manual.pdf
- https://uploads.strikinglycdn.com/files/e73307ef-836b-46b7-868b-9d51ee4ee8cc/398920181.pdf
- https://s3.amazonaws.com/gifiz/experiencing_god_download.pdf
- https://uploads.strikinglycdn.com/files/b4e64445-ff7f-4a22-b653-93f84bdd9625/sosubaroxa.pdf
- https://s3.amazonaws.com/defujo/electricity_webquest_answer_key.pdf
- https://uploads.strikinglycdn.com/files/e0bfa1b1-d95e-456d-b9df-5e51af3a2c79/tam_saylarda_drt_ilem_sorular.pdf
- https://uploads.strikinglycdn.com/files/7eda776b-4a0a-461a-8dc5-dd6af3132574/luvatuma.pdf
- https://s3.amazonaws.com/firudegix/1538219041.pdf
- https://s3.amazonaws.com/jenisozazewubo/79908587537.pdf
- https://s3.amazonaws.com/suxiweke/sales_commission_agreement_template_doc.pdf
- https://uploads.strikinglycdn.com/files/3ca82957-25d0-450c-b75c-837a2f489fcb/final_fantasy_14_rogue.pdf
- https://s3.amazonaws.com/boxalewijim/cardiac_heart_failure_guidelines.pdf
- https://uploads.strikinglycdn.com/files/c21cd7b9-eb0f-4ff0-8e93-c216ce03910e/80901560981.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000ced6.bin8e233af04e6679f9a0aaa0c344f8459cbd73f755b766e1a18fba0fca90d7c19e |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xCED6 | 4788 bytes |
font_01_sfnt_off0000df06.bin3377f39c7ce94339f428c4793728ca10028e23df790df0a0a9f282e8f599e461 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xDF06 | 10664 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.