MALICIOUS
Risk Score: 156
Malware Insights
MITRE ATT&CK
- T1566.001 Spearphishing Attachment
- T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds a large number of external links characteristic of an SEO link farm. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9997
Heuristics 5
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (critical, CLAMAV_DETECTION): ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Small PDF contains mass external PDF link farm (critical, PDF_SEO_LINK_FARM): Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI (info, PDF_URI): PDF contains an external URL action.
- Object number defined twice with different bodies (info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL): The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (info, EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  - https://dafemum.ru/strik?utm_term=how+to+start+a+raffia+basket (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0001009c.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x1009C | 4984 bytes | 3c019564feac8fd3032060dc643faed89bd094ec4b6fdcb8ddf82aaea1313a4e |
| font_01_sfnt_off000111b2.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x111B2 | 10688 bytes | 05714bec7b240f530baef262d4141364ae2f42626c9b353dedfa6b9bdd525c0b |