MALICIOUS
174
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
This PDF document is identified as malicious by ClamAV and ML classifiers, exhibiting characteristics of a phishing lure. The 'PDF_IMAGE_LURE' heuristic indicates it contains an image designed to trick users into clicking an embedded URI, likely for credential harvesting or malware distribution. The presence of numerous external links, including a 'link farm', further supports a malicious intent.
Machine Learning
- Nyx PDF Classifier malicious score 0.5403
Heuristics 5
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
Image-only document with action trigger (screenshot lure) medium PDF_IMAGE_LUREPDF has 1 image(s), only 0 text block(s), carries a click-outward action, and is only 65 KB — typical shape of a phishing lure where a full-page screenshot hides a clickable button that launches or submits to an attacker URL.
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://medvor.ru/pbw?utm_term=solomon+organic+chemistry+10th+edition+solution+manual+pdf
- https://zobovakobazazu.weebly.com/uploads/1/3/4/3/134319401/nenesod.pdf
- https://jikevumuvovidu.weebly.com/uploads/1/3/4/3/134324483/63272093ce0117a.pdf
- https://cdn-cms.f-static.net/uploads/4457318/normal_606b773241847.pdf
- https://sidusumidiwef.weebly.com/uploads/1/3/4/3/134366372/40b5b96.pdf
- https://cdn-cms.f-static.net/uploads/4423429/normal_60663090cf120.pdf
- https://cdn-cms.f-static.net/uploads/4414688/normal_6010f5cca9a86.pdf
- https://sujujiga.weebly.com/uploads/1/3/1/3/131379538/5123608.pdf
- https://cdn-cms.f-static.net/uploads/4381340/normal_600d32700b522.pdf
- https://static.s123-cdn-static-d.com/uploads/4447086/normal_60b514b728e58.pdf
- https://cdn-cms.f-static.net/uploads/4500186/normal_602a82f4e8928.pdf
- https://cdn-cms.f-static.net/uploads/4391903/normal_60352099efefe.pdf
- https://static.s123-cdn-static.com/uploads/4417213/normal_5fdfadebeaa4b.pdf
- https://galixasuja.weebly.com/uploads/1/3/4/5/134518214/f64ead427.pdf
- http://banusiv.pbworks.com/w/file/fetch/144453360/clases_biblicas_para_nios_cristianos_de_3_a_6_aos.pdf
- https://uploads.strikinglycdn.com/files/066dfd0e-fa48-4013-803c-020a1e7869d3/18457889573.pdf
- https://uploads.strikinglycdn.com/files/799a7db1-cd16-4a79-87de-340690b3f18f/wegorolamubovaxatiwejari.pdf
- https://uploads.strikinglycdn.com/files/275543d4-8848-4466-8c1f-3d4374474fb3/87368993571.pdf
- http://wuxikadafi.pbworks.com/f/33619255508.pdf
- https://uploads.strikinglycdn.com/files/a4353120-b0eb-4b95-9370-5c306283b551/55101615302.pdf
- https://uploads.strikinglycdn.com/files/767a2310-c045-446e-9542-0283dc9c3d20/ap_style_checker_tool_free.pdf
- https://uploads.strikinglycdn.com/files/5d46398e-6a2d-43ad-8043-ae9b81f8ac76/how_to_read_after_we_collided_online_free.pdf
- https://uploads.strikinglycdn.com/files/ea410ecf-528a-4e51-8358-723f909f69a0/is_it_legal_to_shoot_an_elephant_in_africa.pdf
- https://uploads.strikinglycdn.com/files/d461b2e6-6535-4a2c-9143-e2caff89988c/what_is_stopping_phonological_process.pdf
- http://wuvebag.pbworks.com/w/file/fetch/144427191/tepixagosituxozidamafuz.pdf
Open this report in the interactive analyzer, or submit your own file for analysis.