Verdict: MALICIOUS
Risk Score: 154
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
The PDF file contains a heuristic firing for a PDF link farm, indicating it hosts numerous external links. One prominent external URI, 'https://philabc.ru/pbw?utm_term=shadow+fight+2+special+edition+hack+mod+apk+android+1', is flagged as suspicious. The ML classifier and ClamAV detection further support its malicious nature, classifying it as a phishing trojan. The document body, though heavily corrupted, contains references to 'wkhtmltopdf' and 'Qt', suggesting it might be a generated PDF.
Machine Learning
- Nyx PDF Classifier malicious score 0.9503
Heuristics (4)
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- External URI (info, PDF_URI): PDF contains an external URL action.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted URLs:
- https://philabc.ru/pbw?utm_term=shadow+fight+2+special+edition+hack+mod+apk+android+1
- https://cdn-cms.f-static.net/uploads/4405650/normal_60224d0b16d87.pdf
- https://static.s123-cdn-static.com/uploads/4384149/normal_60006b7f388fb.pdf
- https://nogorixarolixi.weebly.com/uploads/1/3/0/7/130740589/sogutobefeva-rowujoperazusi-ruzutazodavel.pdf
- https://delidenaluno.weebly.com/uploads/1/3/4/4/134438050/kipuzugomug.pdf
- https://jumazege.weebly.com/uploads/1/3/1/6/131606101/dec5fd2a524e.pdf
- https://cdn-cms.f-static.net/uploads/4385004/normal_5fd16a3d7781e.pdf
- https://cdn-cms.f-static.net/uploads/4501634/normal_603600a4b5e0d.pdf
- https://binamakizixevuj.weebly.com/uploads/1/3/2/8/132814618/moladakaxemokanovi.pdf
- https://static.s123-cdn-static-d.com/uploads/4379237/normal_60b30c9bc8842.pdf
- https://bavutenodedob.weebly.com/uploads/1/3/1/0/131071315/2389bb3919ef.pdf
- http://www.ascendercorp.com/
- http://www.ascendercorp.com/typedesigners.html
- https://uploads.strikinglycdn.com/files/0aab378c-10da-40cd-b669-c2733a613028/34219928005.pdf
- https://uploads.strikinglycdn.com/files/ecade92a-c47b-435a-b992-6bc7f3c0fce7/mejuwikuluf.pdf
- https://uploads.strikinglycdn.com/files/7439101f-1408-4568-9a3f-172ee36c338f/93445540959.pdf
- http://sejuworepow.pbworks.com/f/prentice_hall_mathematics_geometry_book_answers.pdf
- https://uploads.strikinglycdn.com/files/be1e2c0d-9a4d-4720-ba1c-120e69cd0ae7/dufepolerelokijufiwiko.pdf
- http://lekuzax.pbworks.com/w/file/fetch/144419193/new_products_management_crawford_di_benedetto.pdf
- https://uploads.strikinglycdn.com/files/84a2115d-db05-4ede-995e-a0898b41e887/tezupawiwogowomev.pdf
- https://uploads.strikinglycdn.com/files/cbb48d51-3efd-4dd6-9f70-d72ff71b4fdf/1956_cessna_172_service_manual.pdf
- https://uploads.strikinglycdn.com/files/7b70707f-4642-4e8b-bd0c-380a1a2b3db0/memento_mori_definition_in_a_sentence.pdf
- http://scripts.sil.org/OFL
Extracted artifacts (1)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off0000cccf.bin (SHA-256: 66186677cc98f0c61a2f42c7f628385777dc6d59852665b30263696eb97da644) | pdf-font-stream | PDF embedded font (sfnt) at offset 0xCCCF | 6012 bytes |