MALICIOUS
Risk Score: 174
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF is identified as an image-only document with an action trigger, typical of a phishing lure. It contains a single external URI pointing to 'crophysi.ru', which is flagged as a potential phishing or malware distribution site. The ML classifier and ClamAV detection further support its malicious nature.
Machine Learning
- Nyx PDF Classifier malicious score 0.8382
Heuristics 5
- Small PDF contains mass external PDF link farm [critical, PDF_SEO_LINK_FARM]: Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 [critical, CLAMAV_DETECTION]: ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Image-only document with action trigger (screenshot lure) [medium, PDF_IMAGE_LURE]: PDF has 1 image(s), only 0 text block(s), carries a click-outward action, and is only 55 KB — typical shape of a phishing lure where a full-page screenshot hides a clickable button that launches or submits to an attacker URL.
- External URI [info, PDF_URI]: PDF contains an external URL action
- Embedded URL [info, EMBEDDED_URL]: One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://crophysi.ru/award?keyword=psaume+pour+attirer+largent+pdf