MALICIOUS
Risk Score: 156
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds a large number of external links characteristic of an SEO link farm. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9997
Heuristics 5
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0001600b.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1600B | 5768 bytes | f72091e743fcc1c0fb5d0a8d9f6f813b682a17a6eb7a25c6a6bb16da9193f524 |
| font_01_sfnt_off00017319.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x17319 | 12868 bytes | c78de21e865d021a698e2056e766ccf5377fca63dfe0d68e35e0be308890fc00 |