MALICIOUS
156
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The file is identified as malicious by ClamAV and an ML classifier, with heuristics indicating it contains a link farm and an embedded URI. The primary malicious URL, https://pixomot.ru/pbw?utm_term=b1+b2+grammar+test+pdf, is likely used to redirect users to a phishing site or download further malicious content. Although no scripts were explicitly extracted, the PDF structure and embedded URI suggest an attempt to exploit PDF vulnerabilities or deliver a payload.
Machine Learning
- Nyx PDF Classifier malicious score 0.9994
Heuristics 5
-
ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://pixomot.ru/pbw?utm_term=b1+b2+grammar+test+pdf PDF link annotation
- https://static.s123-cdn-static.com/uploads/4446029/normal_5ff192cc075dd.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4413973/normal_5fe63fccc8086.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4404755/normal_603f6a63260e6.pdfIn PDF document text
- https://static.s123-cdn-static.com/uploads/4410217/normal_5fcc22d36704c.pdfIn PDF document text
- https://papenuxid.weebly.com/uploads/1/3/0/8/130874395/c7c7fff.pdfIn PDF document text
- https://tixilumudesowor.weebly.com/uploads/1/3/6/0/136095614/2196050.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4447093/normal_6063412f5c2d9.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4479237/normal_605f276f0de8a.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4421783/normal_605be7d8c12ab.pdfIn PDF document text
- https://static.s123-cdn-static.com/uploads/4408990/normal_60069d9e99bb5.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4382627/normal_6023cb771d9f4.pdfIn PDF document text
- http://www.ascendercorp.com/In PDF document text
- http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
- https://uploads.strikinglycdn.com/files/42b4abeb-b1f2-4fd3-a085-f31892508f05/54345535165.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/79315350-1d38-4b6a-bb35-0c0d891d3ccd/pogurefofepevemobipu.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/ca66db87-d3d5-4fdd-8454-3dc992755c1f/operating_systems_for_computers_free_download.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/27012812-0dc4-4257-a5bc-b0d968a8d51f/35175899756.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/0d5c97d7-e9fb-4cef-86c3-50deb2523d0c/42821806066.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/eece18a7-340a-46c5-b927-1714d450dd78/wukotejupawuzafasekekuveb.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/302e132f-0e8e-4843-ae51-afd4ff4d90a0/haier_air_conditioner_manual_hprb08xcm-t.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/f4f2944b-c15a-44ee-9239-f2ee63465c99/38317666851.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/a25da6ca-205f-455b-a735-4826aba6a0b2/77980795468.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/d43af05e-ca11-47e9-8baf-2d06c4a5facd/sonic_the_hedgehog_2_online_unblocked.pdfIn PDF document text
- http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
- http://purl.org/dc/elements/1.1/In PDF document text
- http://ns.adobe.com/pdf/1.3/In PDF document text
- http://ns.adobe.com/xap/1.0/In PDF document text
- http://ns.adobe.com/xap/1.0/mm/In PDF document text
- http://ns.adobe.com/xap/1.0/rights/In PDF document text
- http://scripts.sil.org/OFLIn PDF document text
- http://dejavu.sourceforge.netIn PDF document text
- http://dejavu.sourceforge.net/wiki/index.php/LicenseIn PDF document text
Extracted artifacts 4
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000ed4c.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xED4C | 5360 bytes |
SHA-256: 8d2f66226a3a1005bf6096739188682af833cd2d449db009ef580011141a5468 |
|||
font_01_sfnt_off00010005.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x10005 | 5700 bytes |
SHA-256: f8f5b2c9c1a0d72cc8697477b0295020361259b2fc9c1ab826702ee398a89c47 |
|||
font_02_sfnt_off0001135e.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x1135E | 18568 bytes |
SHA-256: 97ba7b6ed33117175ab4614b47f02784abb5e5044ef119d45f02bfc82218af13 |
|||
font_03_sfnt_off0001456f.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x1456F | 16412 bytes |
SHA-256: fca3c8cea773db451dbbe0cad3d5e3049fc761b1401a7371204699a2b51ec418 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.