MALICIOUS
172
Risk Score
Machine Learning
- Nyx PDF Classifier malicious score 0.9998
Heuristics 4
-
ClamAV: Pdf.Dropper.Agent-7846721-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Dropper.Agent-7846721-0
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
QR-code redirect lure medium SE_QR_LUREDocument instructs the user to scan a QR code with a phone — consistent with QR phishing, but also common in legitimate documents
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://nokojobo.weebly.com/uploads/1/3/0/4/130436049/dowudig.pdf In PDF document text
- http://keepitlocalaustin.com/uploads/1/3/0/6/130639990/5493e9404d6e.pdfIn PDF document text
- http://vixenpromakeup.com/uploads/1/3/0/6/130605275/c2909927cc72dee.pdfIn PDF document text
- http://mostlyaboutmoney.com/uploads/1/3/0/5/130590531/807887.pdfIn PDF document text
- http://josopi.efl.su/uploads/2020/01/28/170142.pdfIn PDF document text
- http://laboiteagateaux.ca/uploads/1/3/0/4/130488539/790f8.pdfIn PDF document text
- http://niralidevgan.com/uploads/1/3/0/6/130639685/130639685.html#dreamweaver+tutorial+in+tamil+pdfIn PDF document text
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000113c.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x113C | 9752 bytes |
SHA-256: 443b8e541a94a298f50b3755500f6a2c0d982456401e2f7971fb305a8dd5c860 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.