MALICIOUS
Risk Score: 166
Machine Learning
- Nyx PDF Classifier malicious score 0.5595
Heuristics 6
- ClamAV: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0 (severity: critical, rule: CLAMAV_DETECTION)
  ClamAV detected this file as malware: Pdf.Phishing.Trojan-d2568dad23a94d95-d2568dad23a94d95-10044375-0
- Image lure linking to an SEO redirector (free-download phishing) (severity: high, rule: PDF_SEO_UTM_REDIRECTOR_LINK)
  PDF embeds an image with little or no body text and a clickable link to a multi-word utm_term / FeedBurner-proxied SEO redirector — the 'free ebook / solution-manual / document download' phishing family that ranks for natural-language search queries and routes the user into a payload/redirect chain. The PDF carries no exploit; the risk is the linked destination. Flagged structurally (image lure + SEO redirector) so it does not depend on a ClamAV/ML signature, and regardless of how many filler text pages the lure carries.
- PDF link farm points to compromised-WordPress upload storage (severity: medium, rule: PDF_COMPROMISED_CMS_UPLOAD_LINK_FARM)
  PDF contains multiple clickable links, across many distinct hosts, whose targets are random-slug files parked in the upload directories of vulnerable WordPress form plugins (FormCraft, Super Forms). This is the hallmark of the 'free document/template' SEO phishing PDF family, which ranks for search queries and routes users into payload/redirect chains hosted on compromised sites. The PDF itself carries no exploit — the risk is the linked destinations.
- External URI (severity: info, rule: PDF_URI)
  PDF contains an external URL action
- Object number defined twice with different bodies (severity: info, rule: PDF_DUPLICATE_OBJ_BODY_INCREMENTAL)
  The same indirect object (N G) is defined more than once with different body bytes. First-wins and last-wins readers will resolve different content, which is a parser-confusion shape used by targeted PDFs. Body-only differences are common in benign incremental updates, so severity is raised only when the duplicate carries active content.
- Embedded URL (severity: info, rule: EMBEDDED_URL)
  One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.
  URL: https://yoyep.co.za/XSRYdR1H?utm_term=bark+at+the+moon+album (PDF link annotation)
Extracted artifacts 3
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size | SHA-256 |
|---|---|---|---|---|
| font_00_sfnt_off00057c90.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x57C90 | 10496 bytes | a6d09bad024ed8d9cc4eb35c2b785f4f4660c56de07a0205c6aec3c79bffdba3 |
| font_01_sfnt_off00059448.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x59448 | 16560 bytes | 924ad5cb737cfd9a34472b2046831991df4d3950e5f0d7b552a18309318c2ee9 |
| font_02_sfnt_off0005ab65.bin | pdf-font-stream | PDF embedded font (sfnt) at offset 0x5AB65 | 19960 bytes | 123c07bdb22a088860cf74ce25e305fe177bf6533ea564181be40cbb043237af |