MALICIOUS
Risk Score: 126
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file contains multiple embedded URLs, with a primary focus on a link to 'midufefew.ru' which is likely a phishing or malware distribution site. The heuristic 'PDF_SEO_DISPOSABLE_LINK_FARM' indicates a pattern of using disposable hosting for link farms, suggesting malicious intent. The ML classifier and ClamAV detection strongly indicate this PDF is malicious, likely serving as a lure for cracked software.
Machine Learning
- Nyx PDF Classifier malicious score 0.9679
Heuristics 5
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Small PDF is a non-clustered link farm on disposable hosting (medium, PDF_SEO_DISPOSABLE_LINK_FARM): Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
- External URI (info, PDF_URI): PDF contains an external URL action
- PDF differential parser failed (info, PDF_DIFFERENTIAL_PARSE_FAILED): The cross-check parser (pdfminer.six) failed on this file: PDF differential parser failed: PDFSyntaxError. Static heuristics still ran and any of their findings above are valid; only the differential cross-check signal is missing.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
- URL https://midufefew.ru/strik?utm_term=pro+tools+10+ilok+license+crack (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000e5a1.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE5A1 | 5052 bytes |
| SHA-256: c5c7e886dd945d75220b3c409272afa557b7c229bb64f1cafe8b68f88f655c6b | | | |
| font_01_sfnt_off0000f6e5.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF6E5 | 11636 bytes |
| SHA-256: e5e9ff40e0d470d8e699d47c0303abdf41f6be881dcb6c458f9dc5d7e7323752 | | | |