MALICIOUS
Risk Score: 124
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
The PDF file contains a large number of external links, many of which are to other PDFs, suggesting a link farm or SEO poisoning tactic. One of the primary external links points to zajinet.ru, which is associated with phishing. The ClamAV detection also flags this as a phishing trojan. The document body, though heavily obfuscated, contains references to printer maintenance, likely a lure to disguise the malicious intent.
Machine Learning
- Nyx PDF Classifier suspicious score 0.4986
Heuristics 4
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- ClamAV: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2528dad23a95d95-d2528dad23a95d95-10044376-0
- External URI (info, PDF_URI): PDF contains an external URL action
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL. URL: https://zajinet.ru/strik?utm_term=brother+mfc-7360n+resetear+toner