MALICIOUS
Risk Score: 126
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1204.002 Malicious Link
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds a large number of external links characteristic of an SEO link farm. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9991
Heuristics (5)
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 [critical, CLAMAV_DETECTION]: ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- Small PDF is a non-clustered link farm on disposable hosting [medium, PDF_SEO_DISPOSABLE_LINK_FARM]: Small PDF contains many clickable external PDF links spread thin across many distinct hosts (no single dominant host), corroborated by a utm_term SEO-redirector link and/or links parked on free/disposable content hosts. This is the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains, rather than a normal document citation pattern. The PDF itself carries no exploit; the risk is the linked destinations.
- External URI [info, PDF_URI]: PDF contains an external URL action
- Object number defined twice with different bodies [info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL]: The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL [info, EMBEDDED_URL]: One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - https://crewmak.ru/pbw?utm_term=hi+nakhra+tera+ni+high+rated+gabru+nu+mare (PDF link annotation)
Extracted artifacts (2)
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000d6cb.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xD6CB | 5196 bytes | 2dc1c95558660e20ef3cd9ad2d62651fd2d77b3bbddb234513d0cb766a0d99dc |
| font_01_sfnt_off0000e844.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE844 | 10788 bytes | bb7c47814bef7bc0f1a18aa29be80d54251da3357cd16ba7f9c4dcb7c1ed27d1 |