MALICIOUS
156
Risk Score
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
The PDF file contains numerous external links, a common tactic for phishing or SEO spam. One prominent URL, 'https://pelibifir.ru/strik?utm_term=cold+equations+summary', is flagged as suspicious and likely leads to a malicious site. The presence of a link farm heuristic further supports the malicious intent, suggesting the PDF is designed to drive traffic to external resources.
Machine Learning
- Nyx PDF Classifier malicious score 0.9960
Heuristics 5
-
ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
-
Small PDF contains mass external PDF link farm critical PDF_SEO_LINK_FARMSmall PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
-
External URI info PDF_URIPDF contains an external URL action
-
Object number defined twice with different bodies info PDF_DUPLICATE_OBJ_BODY_INCREMENTALThe same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL https://pelibifir.ru/strik?utm_term=cold+equations+summary PDF link annotation
- https://static.s123-cdn-static.com/uploads/4451365/normal_5fcdc862206fc.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4489052/normal_60692f521f8c4.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4365583/normal_60530b2913e28.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4367938/normal_605fd7c77b176.pdfIn PDF document text
- https://static.s123-cdn-static.com/uploads/4369307/normal_5ffdee2d2a835.pdfIn PDF document text
- https://cdn-cms.f-static.net/uploads/4474720/normal_601d3527aa450.pdfIn PDF document text
- http://www.ascendercorp.com/In PDF document text
- http://www.ascendercorp.com/typedesigners.htmlIn PDF document text
- https://s3.amazonaws.com/bewibiwat/dewomigetotariba.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/016901df-fe7f-4e02-889c-9737f3a9f9f0/el_nuevo_houdini_chapter_3.pdfIn PDF document text
- https://s3.amazonaws.com/mexijegedakol/pezatuxogukidi.pdfIn PDF document text
- https://4abf464d-34d5-4c80-8de5-e64f30e04530.filesusr.com/ugd/8b3eb5_9968ceb8205e48329726e15b44e3cb16.pdf?index=trueIn PDF document text
- https://uploads.strikinglycdn.com/files/0cd2b900-8623-4794-a76d-1e57c7da87ac/how_to_open_bosch_silence_plus_50_dba.pdfIn PDF document text
- https://03a45e23-20c9-4b13-8d21-50c2609e56df.filesusr.com/ugd/502f3d_d9b68359a906428fb2e2e5bc501dde31.pdf?index=trueIn PDF document text
- https://f78a7b13-e75c-4ddc-9f3c-03cd83736f6c.filesusr.com/ugd/90c53f_fba516a938e74c6891c1c706ef72e20f.pdf?index=trueIn PDF document text
- https://1bc2da55-d9f9-46f5-9d67-b48dc82c85d4.filesusr.com/ugd/957ce7_7086a5b7778e4bbaa01e5217062ce9a5.pdf?index=trueIn PDF document text
- https://s3.amazonaws.com/didowugorokirug/mopazipuvalofowubo.pdfIn PDF document text
- https://d38713d8-f9e0-49bf-8e72-3f46774ce551.filesusr.com/ugd/b3faf5_4635fcdf1a2d448e93ae0cadffb37b87.pdf?index=trueIn PDF document text
- https://5e9816b5-e261-4a84-a5c7-594b6999e1c8.filesusr.com/ugd/eb2f7d_ab250a1b3d7743898285c6b4d82bbb64.pdf?index=trueIn PDF document text
- https://e5baaea7-7007-41de-9367-4ebf3ed55875.filesusr.com/ugd/8e1900_6a8f82975e904373a7809498f902f396.pdf?index=trueIn PDF document text
- https://uploads.strikinglycdn.com/files/de7f3550-d1aa-4d73-bfe1-0122ed818bd7/junukifesuroluna.pdfIn PDF document text
- https://s3.amazonaws.com/zumezeviwakiz/finance_challenge_answers.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/38329e8a-5bc4-48dd-8502-c24b7e9d6cfa/21747738623.pdfIn PDF document text
- https://s3.amazonaws.com/donarepemi/estimating_quotients_worksheets_3rd_grade.pdfIn PDF document text
- https://uploads.strikinglycdn.com/files/e0e5975d-0e01-4cc3-ade2-3733bf45cd63/libro_la_magia_del_orden_leer_online.pdfIn PDF document text
- https://2e6726a7-2e78-456a-9fa1-8bc85c3b20a6.filesusr.com/ugd/76e31d_1061ac0c0abd4d8cb40cb483c5535e4e.pdf?index=trueIn PDF document text
- https://77bac38d-831a-46d6-8f22-d7743fcadc58.filesusr.com/ugd/5b9a87_cd4cc609018942279259f9430ae8f139.pdf?index=trueIn PDF document text
- https://00c0516a-c822-4344-a779-6f74e039753d.filesusr.com/ugd/9e41f0_683c58fe45204e489df4f8d5d4bac125.pdf?index=trueIn PDF document text
- http://www.w3.org/1999/02/22-rdf-syntax-ns#In PDF document text
- http://purl.org/dc/elements/1.1/In PDF document text
- http://ns.adobe.com/pdf/1.3/In PDF document text
- http://ns.adobe.com/xap/1.0/In PDF document text
- http://ns.adobe.com/xap/1.0/mm/In PDF document text
- http://ns.adobe.com/xap/1.0/rights/In PDF document text
- http://scripts.sil.org/OFLIn PDF document text
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
font_00_sfnt_off0000efd2.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0xEFD2 | 5104 bytes |
SHA-256: c3b0019af7618838ddc11e8b0765d18653278a6558745b1f14a281aa45732614 |
|||
font_01_sfnt_off00010112.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x10112 | 11180 bytes |
SHA-256: 4a6f75df560b8313cc88a03d2b3700b69d65bc0fd7a0b835ad9e8c6bc97ad9c9 |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.