MALICIOUS
124
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The file is identified as malicious by ClamAV and an ML classifier, with heuristics indicating it's a link farm on disposable hosting. The embedded URI points to a suspicious domain, suggesting a phishing or malware distribution attempt. No scripts were extracted, but the PDF structure itself is indicative of a malicious lure.
Machine Learning
- Nyx PDF Classifier malicious score 0.9113
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
Small PDF is a non-clustered link farm on disposable hosting medium PDF_SEO_DISPOSABLE_LINK_FARMSmall PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit — the risk is the linked destinations.
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://xajibur.ru/strik?utm_term=homelite+string+trimmer+saw+blade+attachment PDF link annotation
- https://cdn-cms.f-static.net/uploads/4449395/normal_60279d610c110.pdfIn PDF document text
- http://cookwellbakewell.com/icloud_photos_not_ing_on_new_iphoneva1j0.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4422908/normal_602c41f738b6b.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4444115/normal_6040e7dfb7e64.pdfIn PDF document text
- http://citruss.space/508-_507-_2209_downloadb6lzf.pdfIn PDF document text
- http://eurostore.info/axa_mps_financial_dac_annual_reportco7h9.pdfIn PDF document text
- https://static.s123-cdn-static.com/uploads/4495385/normal_5fedc049045c3.pdfIn PDF document text
- http://wwbook.org/true_detective_script_writer9qaok.pdfIn PDF document text
- https://static.s123-cdn-static.com/uploads/4468551/normal_5fdf636465956.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/296d68a3-3841-43fe-91e8-d5ebe41fad7e/how_to_set_up_a_repeater_tp_link.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/0aa6c48a-58ce-4916-8bcc-e246413d4541/simple_and_compound_sentences_worksheet_4th_grade.pdfIn PDF document text
- https://s3.amazonaws.com/vavapekadoliti/album_audio_songs_ing_come.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/23ddea1c-2842-47f1-afac-a428ee810b99/is_heat_and_bond_permanent.pdfIn PDF document text
- https://s3.amazonaws.com/zoromexemuzid/hollywood_action_movies_online.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/2d912e5d-a7f4-4572-89d5-605c60b6fa1e/dave_ramsey_budget_sheet_template.pdfIn PDF document text
- https://s3.amazonaws.com/nuvukivaxiren/jurnal_fraktur_antebrachii.pdfIn PDF document text
- https://s3.amazonaws.com/zuvovoxigumuz/rockola_jukebox_model_431.pdfIn PDF document text
- https://s3.amazonaws.com/difigomisosak/importance_of_retirement_planning.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/8fb67df0-d3f1-4c62-be34-980a9a5fa918/pdf_python_for_dummies.pdfIn PDF document text
Open this report in the interactive analyzer, or submit your own file for analysis.