MALICIOUS
Risk Score: 156
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file was detected as malicious by ClamAV and an ML classifier, indicating a high likelihood of malicious intent. It contains a large number of external links, suggesting it functions as a link farm or a phishing lure, directing users to potentially harmful websites like golowaki.ru. The document body is heavily obfuscated and appears to be a mix of metadata and corrupted text, preventing a clear understanding of its specific content beyond the lure.
Machine Learning
- Nyx PDF Classifier malicious score 0.9991
Heuristics 5
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
- URL https://golowaki.ru/aws?utm_term=war+of+the+worlds+2005+tripod (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000eec9.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xEEC9 | 5632 bytes | 1e574f41a6f6395317844bfbea963695fe5b7062bba898f9732356b865872110 |
| font_01_sfnt_off0001020a.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1020A | 10740 bytes | c33e33e6d510f575c3d72f5c98669dd28c15fa55b26a30c5c062f372b244f9c7 |