MALICIOUS
Risk Score: 154
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF contains numerous external links, a significant number of which point to SEO-optimized PDF farms, suggesting malicious intent to distribute further content or malware. The PDF_SEO_LINK_FARM heuristic firing and a high ML_NYX_PDF_MALICIOUS score indicate a high likelihood of malicious activity. The embedded URL points to a domain that is likely part of a link farm designed to distribute malicious content.
Machine Learning
- Nyx PDF Classifier malicious score 0.7004
Heuristics 4
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://resalured.ru/award?keyword=handbook+graphic+design+pdf
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000f2ed.bin bd369b40ccec80958e5b178cab9bf5ee47de74f8b50eb0d7e47e8f6a3c719025 | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF2ED | 5548 bytes |