MALICIOUS
154
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF contains numerous external links, many of which are part of a link farm designed to appear as legitimate download resources. The primary malicious URL identified is https://baarspo.ru/award?keyword=longman+pronunciation+dictionary+free+download+pdf, which is likely used to redirect users to a phishing or malware distribution site. The ClamAV detection and ML classifier strongly indicate malicious intent.
Machine Learning
- Nyx PDF Classifier malicious score 0.9084
Heuristics 4
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://baarspo.ru/award?keyword=longman+pronunciation+dictionary+free+download+pdf
- https://vabudefun.weebly.com/uploads/1/3/0/7/130775589/fidemiwemuwi_lolibuzon_lejakexal_kekatu.pdf
- https://tabivivefevevu.weebly.com/uploads/1/3/4/8/134889686/pafuwufazosekawuni.pdf
- http://rineset.xyz/briggs_and_stratton_450_series_148cc_blades9ycg3.pdf
- https://static.s123-cdn-static.com/uploads/4484995/normal_5fc6b2b5211ef.pdf
- https://static.s123-cdn-static.com/uploads/4485149/normal_5fcfa11790aec.pdf
- https://senovaxevuka.weebly.com/uploads/1/3/5/3/135304629/rukonivudi.pdf
- https://cdn-cms.f-static.net/uploads/4421460/normal_5fe645018e0f8.pdf
- https://cdn-cms.f-static.net/uploads/4427104/normal_601df839691c2.pdf
- https://duwobimisenuzo.weebly.com/uploads/1/3/4/6/134615726/8cca770b5e13.pdf
- http://top-odejda.com/recommender_systems_handbook_2nd_editionwqgfh.pdf
- https://mivixotagu.weebly.com/uploads/1/3/1/3/131384173/6232041.pdf
- https://namikefazexu.weebly.com/uploads/1/3/1/6/131606603/9672458.pdf
- https://wazasamiv.weebly.com/uploads/1/3/0/7/130775889/jagerexafukofu-numexasuzowex-bepedub-wexuvajuzu.pdf
- http://prosale.company/hayvan_iftlii_indirxdkjg.pdf
- https://cdn-cms.f-static.net/uploads/4428335/normal_60379edec551f.pdf
- https://govotewimodiku.weebly.com/uploads/1/3/4/6/134649218/8dcf501adfced16.pdf
- http://bellissimo.online/jogutegidemonijic33h.pdf
- https://uploads.strikinglycdn.com/files/0ac7b114-434a-49db-a0a2-82337eb6121b/how_do_you_light_the_pilot_light_on_a_hotpoint_gas_stove.pdf
- https://2f60c0de-bae8-48d8-8f3f-ce7907f87c52.filesusr.com/ugd/badafb_ad864c6415a24f4489c23382eb5e36d2.pdf?index=true
- https://uploads.strikinglycdn.com/files/0a1da355-eb5d-4f92-9374-cf45650b2b52/old_romantic_book_quotes.pdf
- https://uploads.strikinglycdn.com/files/d85abdf9-c20a-4f0a-ace5-67f5edbee80a/98824118563.pdf
- https://1c54689f-8f60-44d8-8d81-b144d6ea8ada.filesusr.com/ugd/787b0a_472deff893974058a2a429a5fafbeade.pdf?index=true
- https://uploads.strikinglycdn.com/files/7357bb65-2287-4d1b-8ccb-53c54ed7a0ec/19841663270.pdf
- https://uploads.strikinglycdn.com/files/29450422-1d41-4414-b595-5df8b628d74a/47196098795.pdf
- https://0eb00d84-361a-45dc-b346-1af5c8eb785c.filesusr.com/ugd/d79848_5e816946294745bcaff75a2148feda34.pdf?index=true
Open this report in the interactive analyzer, or submit your own file for analysis.