MALICIOUS
Risk Score: 156
Malware Insights
MITRE ATT&CK
T1566.001 Spearphishing Attachment
T1059.007 JavaScript
This PDF document was flagged as malicious by ClamAV and an ML classifier. The file embeds a large number of external links characteristic of an SEO link farm. Specific URLs and indicators for this sample are listed in the indicators section.
Machine Learning
- Nyx PDF Classifier malicious score 0.9991
Heuristics 5
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 [critical, CLAMAV_DETECTION]: ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Small PDF contains mass external PDF link farm [critical, PDF_SEO_LINK_FARM]: Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
- External URI [info, PDF_URI]: PDF contains an external URL action.
- Object number defined twice with different bodies [info, PDF_DUPLICATE_OBJ_BODY_INCREMENTAL]: The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL [info, EMBEDDED_URL]: One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://crophysi.ru/123?utm_term=angularjs+bootstrap+spa+template (PDF link annotation)
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off0000f442.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0xF442 | 5344 bytes | fdf008c7586e15be9a80d038a127b912853c9aac50327fe7faeb0064829a13c9 |
| font_01_sfnt_off00010662.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x10662 | 11524 bytes | 54f00ccd039d99f2fc19111e5a832cd332ca51edc4f67dd43a87532489ca5a63 |