Risk Score: 156 (MALICIOUS)
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file contains numerous external links, a common tactic for phishing or SEO spam. One prominent link, 'https://baarspo.ru/strik?utm_term=gimp+pour+macbook+air', suggests a lure related to software, likely intended to redirect users to a malicious site. The ClamAV detection and ML classifier strongly indicate malicious intent, classifying it as a phishing trojan.
Machine Learning
- Nyx PDF Classifier malicious score 0.9997
Heuristics 5
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - https://baarspo.ru/strik?utm_term=gimp+pour+macbook+air (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000e656.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE656 | 5104 bytes | 0c444f676ab1a4221b730836a1a8cd0f98e7e3c309ff4c284f488ea388b4a84b |
| font_01_sfnt_off0000f79d.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF79D | 12708 bytes | 857ed48bd910cb8f341ee3993cc34286e56ed379ee05a28345bc3a4c43435948 |