MALICIOUS
156
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF contains numerous external links, many of which are part of a link farm designed to improve search engine rankings. One prominent URL, 'https://leonvi.ru/wix?keyword=synapse+x+support', suggests a phishing or malware distribution attempt by impersonating a support page. The ClamAV detection and ML classifier strongly indicate malicious intent, likely related to phishing or trojan delivery.
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 5
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://leonvi.ru/wix?keyword=synapse+x+support
- https://static.s123-cdn-static.com/uploads/4379984/normal_5fdfca5db5a48.pdf
- https://static.s123-cdn-static.com/uploads/4419195/normal_5fc78d333333b.pdf
- https://cdn.sqhk.co/jiluputumusi/CG3ifur/37399813544.pdf
- https://cdn-cms.f-static.net/uploads/4376357/normal_6035891b09645.pdf
- https://cdn.sqhk.co/gapebeve/2Lhb8jd/parallel_worlds_book.pdf
- https://cdn.sqhk.co/vetukalujir/3icidgh/70892235722.pdf
- https://cdn.sqhk.co/vinasujitupe/rjj6VMv/82297603286.pdf
- http://rikedenufag.iblogger.org/vimuretefijejowababa.pdf
- http://xotuvezaramapez.22web.org/farinexafizunatit.pdf
- https://cdn.sqhk.co/wadupaxi/jNhbGpr/knife_block_with_sharpener.pdf
- https://cdn-cms.f-static.net/uploads/4465557/normal_603a984057301.pdf
- https://static.s123-cdn-static.com/uploads/4490739/normal_5fd0477565dfc.pdf
- https://cdn.sqhk.co/karelevo/Sgjjh4p/25148894807.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://ddb1515c-011f-4d6c-9a6c-b305a2039a85.filesusr.com/ugd/477ac5_22a25ab5c7774730a54148d6faa1a91f.pdf?index=true
- https://f6e2a16f-d004-42cd-8f17-0463e090774c.filesusr.com/ugd/c70c35_7b9032d959ff4b55a141c75668a138a2.pdf?index=true
- http://libogesozi.rf.gd/currency_symbols_list_with_country_name.pdf
- https://2987c0f4-171e-4473-b3f1-a5468658115b.filesusr.com/ugd/75ff8a_439a17a50eea402aa50216a348d4764a.pdf?index=true
- http://rezumasalimod.epizy.com/borojexaloxigujafilono.pdf
- http://www.w3.org/1999/02/22-rdf-syntax-ns#
- http://purl.org/dc/elements/1.1/
- http://ns.adobe.com/pdf/1.3/
- http://ns.adobe.com/xap/1.0/
- http://ns.adobe.com/xap/1.0/mm/
- http://ns.adobe.com/xap/1.0/rights/
- http://scripts.sil.org/OFL
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000dc66.bin51128efd55b7906d1fea525d1bae39db58566289f4ca3ebe8ca42d01f0257f3b |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xDC66 | 5056 bytes |
font_01_sfnt_off0000edb0.bin275e1e86706334a00d1c28738dc21042fd9e2004891c28120cd462197bb6e584 |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xEDB0 | 11304 bytes |
Open this report in the interactive analyzer, or submit your own file for analysis.