Verdict: MALICIOUS
Risk Score: 156
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF contains numerous external links, many pointing to PDF files, suggesting a link farm for SEO manipulation or malware distribution. The primary URL, https://jumiwimov.ru/123?utm_term=army+commanders+safety+course+answers+pdf, is presented as a lure for 'army commanders safety course answers pdf'. ClamAV and ML classifiers confirm its malicious nature, specifically flagging it as phishing and a trojan.
Machine Learning
- Nyx PDF Classifier malicious score 0.9962
Heuristics 5
- Small PDF contains mass external PDF link farm [critical, PDF_SEO_LINK_FARM]: Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 [critical, CLAMAV_DETECTION]: ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI [info, PDF_URI]: PDF contains an external URL action
- Object number defined twice with different bodies [info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL]: The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL [info, EMBEDDED_URL]: One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://jumiwimov.ru/123?utm_term=army+commanders+safety+course+answers+pdf
Extracted artifacts 6
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
| font_00_sfnt_off00013553.bin (4257b5aed261ccb96d7b6b52587b843e34ad9d65b35b79aec213b77d78697daa) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x13553 | 6416 bytes |
| font_01_sfnt_off00014527.bin (d3e0cf3ecc70b650d251b5dc04837f3c34ccbaf1ff46c0bcfb7dd9d44e5881a9) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x14527 | 5452 bytes |
| font_02_sfnt_off000157b3.bin (eb70a12dddea901a1692901187fb8d6ac56ef46f1e7c0d5048fcda6de44ace99) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x157B3 | 10908 bytes |
| font_03_sfnt_off00017a96.bin (5d31b5919602df9e9a50e4353f67a81c60d30c13913bb6da4ee6bafdcfe5e7f8) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x17A96 | 11956 bytes |
| font_04_sfnt_off0001a248.bin (223b032948fc27d7eafc1ac1363c9f49288abdeb44a2fdad14da7639c6ab65fb) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1A248 | 18800 bytes |
| font_05_sfnt_off0001bfda.bin (551918360585b1590efa6fd2a215345b2f702067d151a0e4b48cfa7490b57960) | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1BFDA | 1736 bytes |