MALICIOUS
154
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF file was flagged by multiple heuristics, including ClamAV and an ML classifier, indicating malicious intent. It contains a large number of external links, many of which point to potentially malicious domains, suggesting a link farm or phishing lure. The document body, though heavily obfuscated, appears to be related to a quiz, which is a common social engineering tactic.
Machine Learning
- Nyx PDF Classifier malicious score 0.9740
Heuristics 4
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://traffset.ru/aws?utm_term=picture+logo+quiz+answers+level+37 PDF link annotation
- https://cdn-cms.f-static.net/uploads/4420244/normal_5faa2d563ac14.pdfIn PDF document text
- https://filafibiwi.weebly.com/uploads/1/3/4/3/134316544/6718547.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4485443/normal_5fbc2a50bbf3b.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4406464/normal_5faa8611d171f.pdfIn PDF document text
- http://www.ascendercorp.com/In PDF document text
- http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
- https://uploads.strikinglycdn.com/files/2d6ea59d-7b24-4253-a8c5-1e2dcb55f39d/punuludodelujalawisufedit.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/ce8d5a51-de63-4109-8d4a-647f4767466d/9._sC4B1nC4B1f_fizik_dayanC4B1klC4B1lC4B1k_sorularC4B1_ve_C3A7C3B6zC3BCmleri.pdfIn PDF document text
- https://static1.squarespace.com/static/5fc006d0104edf1d777bfbd4/t/5fc122fc9d79364840b600ae/1606492926248/tang_dynasty_traditional_clothing.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/775ab9c5-a09b-4da9-a7db-dcf75a52e79a/terituxisipu.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/e7bf2f29-5a36-4595-aeff-11dad176636e/90882770437.pdfIn PDF document text
- https://static1.squarespace.com/static/5fbce344be7cfc36344e8aaf/t/5fbcf8b664be903ae63ff416/1606219959299/lane_tech_chicago_staff.pdfIn PDF document text
- https://static1.squarespace.com/static/5fc110906609fd0ee7923de0/t/5fc1821feaf37e3b64d57880/1606517279647/52664818332.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/f05ec26e-4999-4a22-950b-ffee72fec234/vigikimerelulenelejaje.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/83aabed8-2d9c-4753-9d61-7e62601dd7dd/woguvulefav.pdfIn PDF document text
- http://scripts.sil.org/OFLIn PDF document text
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off00017f9d.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x17F9D | 5540 bytes |
SHA-256: fce32ecd81f6b44b9c2dfe1e3d2e1f45ed6d25098f7dc053e22b1b9a32b03f1b |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.