MALICIOUS
Risk Score: 154
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file contains numerous external links, indicating it functions as a link farm designed to redirect users to potentially malicious websites. The ClamAV detection and ML classifier further support its malicious nature, classifying it as a phishing trojan. While no scripts were explicitly extracted, the PDF structure and embedded URIs suggest an attempt to deliver a second-stage payload or conduct phishing operations.
Machine Learning
- Nyx PDF Classifier malicious score 0.8921
Heuristics 4
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000e638.bin `7cdaf785cf14ad1d62af20c2b9161fc01dbfd92e468f49f577f47301d8531238` | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE638 | 4908 bytes |
| font_01_sfnt_off0000f6fd.bin `faf1f764b87f5c5441ecc8839774238acf7774f4d999ccf28d66e7a98303c776` | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF6FD | 11304 bytes |