MALICIOUS
144
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF is identified as a phishing lure due to its small size and image-heavy content, designed to trick users into clicking embedded links. The heuristic 'PDF_IMAGE_LURE' and the presence of multiple external URIs, including one on 'fokemale.ru', strongly suggest a phishing or malware distribution attempt. Although no scripts were explicitly extracted, the PDF structure and embedded URLs are indicative of malicious intent.
Machine Learning
- Nyx PDF Classifier malicious score 0.9267
Heuristics 5
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 [critical] CLAMAV_DETECTION: ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- Image-only document with action trigger (screenshot lure) [medium] PDF_IMAGE_LURE: PDF has 1 image(s), only 0 text block(s), carries a click-outward action, and is only 52 KB — typical shape of a phishing lure where a full-page screenshot hides a clickable button that launches or submits to an attacker URL.
- Small PDF is a non-clustered link farm on disposable hosting [medium] PDF_SEO_DISPOSABLE_LINK_FARM: Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
- External URI [info] PDF_URI: PDF contains an external URL action
- Embedded URL [info] EMBEDDED_URL: One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://fokemale.ru/strik?utm_term=why+is+orion%2527s+belt+special