MALICIOUS
Risk Score: 134
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF contains heuristics indicating it is a phishing document using an image lure to redirect users to a malicious URL. The embedded URL and the document body, despite being heavily obfuscated, suggest a lure related to "Coursera corporate finance quiz answers" to entice clicks. The primary IOC is the redirector URL, which likely leads to a phishing page.
Machine Learning
- Nyx PDF Classifier malicious score 0.8113
Heuristics 4
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Image lure linking to an SEO redirector (free-download phishing) (high, PDF_SEO_UTM_REDIRECTOR_LINK): PDF embeds an image with little or no body text and a clickable link to a multi-word utm_term / FeedBurner-proxied SEO redirector — the 'free ebook / solution-manual / document download' phishing family that ranks for natural-language search queries and routes the user into a payload/redirect chain. The PDF carries no exploit; the risk is the linked destination. Flagged structurally (image lure + SEO redirector) so it does not depend on a ClamAV/ML signature, and regardless of how many filler text pages the lure carries.
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - https://trafffe.ru/aws?utm_term=coursera+corporate+finance+quiz+answers (PDF link annotation)