MALICIOUS
Risk Score: 156
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
This PDF file was detected as malicious by ClamAV and an ML classifier, indicating a phishing or trojan threat. It contains a mass external link farm, with one prominent URL leading to 'baarspo.ru', suggesting a phishing lure disguised as a search result for a common technical problem. The PDF structure and embedded links are indicative of a phishing campaign designed to redirect users to malicious sites.
Machine Learning
- Nyx PDF Classifier malicious score 0.9992
Heuristics 5
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://baarspo.ru/strik?utm_term=stanley+garage+door+opener+problem+fix (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000e76d.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xE76D | 5596 bytes | d69f21b2be98140733f6e4ecde2d0496e38b7cc23ca4930b58344d175f00baeb |
| font_01_sfnt_off0000fa73.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xFA73 | 9956 bytes | 686d83793c70b565f10b03a07fff11ad6abc55954bec587970527ad939f22ab3 |