MALICIOUS
Risk Score: 156
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds a large number of external links characteristic of an SEO link farm. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9992
Heuristics 5
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
- URL https://crophysi.ru/award?keyword=ejercicios+abdominales+core+pdf (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000f4f8.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF4F8 | 5472 bytes | c074c3ab4e44bc5a01c5a69a96bbea1b1a777a8f8a94173c9832b1ef30c0de8a |
| font_01_sfnt_off0001077f.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1077F | 11312 bytes | 8ff2385c0cfc5ba6c69ba71a7fdaefa5540ec3cb832d4dd199ee8fbe7cab0a2b |