MALICIOUS
Risk Score: 156
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds a large number of external links characteristic of an SEO link farm. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9992
Heuristics (5)
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://ponafet.ru/strik?utm_term=onn+alarm+clock+set+time (PDF link annotation)
Extracted artifacts (3)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0001045d.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1045D | 4824 bytes | 9cd2d957a637693e8f5a025d961414ee69a3935a910e6919d2233bfaf44d0c78 |
| font_01_sfnt_off000114a1.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x114A1 | 11212 bytes | a60841bbe7f982f8744e4e6ecf1377d79399c3d952b2be640abaf67a60bb5efc |
| font_02_sfnt_off00013ac7.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x13AC7 | 4324 bytes | 4fcfa7c68d76e23b667942a3ac892d2d5d88346478daafc61479ad4df4af3dd3 |